Support » Plugin: Wordfence Security » Immediately block the IP of users who try to sign in as these usernames

  • Hi,

    I am getting lots of attempted logins:
    attempted a failed login using an invalid username “admin”.

    I can block them if I set the setting:
    Immediately lock out invalid usernames

    But I don’t really want that set as it may block legitimate users with typos.

    I tried setting:
    Immediately block the IP of users who try to sign in as these usernames

    to:
    admin,Admin

    But this does not block them, there is no admin user set in Worpdress.
    Any ideas why it’s not blocking them?

    Thanks

    https://wordpress.org/plugins/wordfence/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Also, when setting Immediately lock out invalid usernames

    How does this block them? By IP?
    As I can’t see any IP’s being listed in the Blocked IP’s section.
    So how would I unblock legitimate users?

    They’re not Blocked IPs (from accessing the site). They’re Locked out from Login (the second tab on that screen).

    How do you know admin,Admin isn’t getting locked out? If you’re testing from home, is your IP address whitelisted to bypass all rules?

    I know its not getting blocked out as the attempted logins will keep coming through in Live traffic, when I set lock out invalid names this stops, there is no user under the username admin or Admin so my login should not affect it correct?

    I don’t have Live Traffic enabled, so I don’t watch that, but I do see invalid usernames get blocked in my Blocked IP page.

    Again, it blocks the IP address, which should show up in the second tab for Blocked IP. A first attempt from a new IP address will get through, but not subsequent attempts.

    For how long do you have your blocks set in Login Security Options?

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Immediately block the IP of users who try to sign in as these usernames’ is closed to new replies.