Immediately lock out invalid usernames doesn’t seem to work

@beantown123

Thanks for writing in.

Can you send over diagnostics to wftest @ wordfence dot com, via Wordfence > Tools > Diagnostics > Send Report by Mail. Please put your forum username in the second field there, and let me know here when they are sent.

The users will be allowed to try to login again after the block expires, which is determined by the amount of time you have set in Wordfence > All Options > Rate Limiting > How long is an IP address blocked when it breaks a rule

It is possible you saw them get blocked, then their block expired, then they again tried to log in with the name, got blocked, etc.

I would set that to a few hours and then when you see a login attempt with a prohibited name, check the Wordfence > Firewall > Blocking area for that IP.

Scott

Thanks, @beantown123.

I am immediately blocked when I try to login with the name “admin” on your site. Go ahead and take a look at live traffic and let me know what you’re seeing. You’re likely seeing a New York IP. I was not able to view any pages after the block.

You may want to adjust the lockout time I mentioned in the Rate Limiting area. If you want the block to be a few hours or a few days. Be sure to not set those rate-limiting rules too strict, however, or else you’ll be blocking good bots or visitors for multiple days (or whatever you set the lockout time to). Here is what we recommend for rate-limiting settings https://www.wordfence.com/help/firewall/rate-limiting/

Scott

Thanks @beantown123

Please screenshot some of the attempts for admin you are seeing that aren’t being blocked, so I can confirm.

I appreciate your patience.

Thanks,
Scott

@beantown123,

Sure, I apologize. You can send that to wftest @ wordfence dot com — please put your username here as the subject line and then post here to let me know it is sent.

Thanks again,
Scott