is this a false positive?

  • Resolved ITWizards

    (@itwizards)


    7 years, 4 months ago

    Hello

    I am not sure if this a false positive?

    I am keep getting this message:

    A user with IP address xxx.xxx.xxx.xxx has been locked out from the signing in or using the password recovery form for the following reason: Used an invalid username ‘test’ to try to sign in.

    My login page is hidden so I am not sure how this is happening?
    Is it possible to see the login attempt URL from wordfence admin console?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author WFMattR

    (@wfmattr)

    7 years, 4 months ago

    Hi,

    It shouldn’t be a false positive — if login attempts are not coming through wp-login.php, they are most likely coming through xmlrpc.php — the same method used by the WordPress app, plugins like Jetpack, and other features like trackbacks and pingbacks.

    Disabling XML-RPC is possible (there are a number of plugins that do it, such as “Disable XML-RPC”) but it may cause other possible problems depending on the features/plugins you use. If you decide to disable it, you might want to check out this post first:
    Should you disable XML-RPC on WordPress?

    I don’t think you’ll see the location of the login attempts within Wordfence’s Live Traffic, but if you know where to find your site’s “access log” files, you should be able to see that IP’s activity there. (Some hosts disable access logs, or remove logs after a certain number of days or hours.)

    -Matt R

    • This reply was modified 7 years, 4 months ago by WFMattR.
    Thread Starter ITWizards

    (@itwizards)

    7 years, 4 months ago

    Thanks Matt

    I disabled XML-RPC and messages are stopped now.

    Thanks for your Help

    • This reply was modified 7 years, 4 months ago by ITWizards.
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘is this a false positive?’ is closed to new replies.