Hi, this is something I get asked a lot by clients but it is just iThemes Security doing its job, and this is how it explains it:
‘If one had unlimited time and wanted to try an unlimited number of password combinations to get into your site they eventually would, right? This method of attack, known as a brute force attack, is something that WordPress is acutely susceptible to as, by default, the system doesn’t care how many attempts a user makes to login. It will always let you try again. Enabling login limits will ban the host user from attempting to login again after the specified bad login threshold has been reached.’
Unfortunately, this is a fairly regular occurrence on most sites and is also why I install iThemes Security (or WordFence) on client sites.
The login limits are set in Security>Local Brute Force Protection.
If you are getting a lot of these emails, you can go to Security>Global Settings and tick Send Digest email, or further down, you can uncheck Enable Email Lockout Notifications.
Thanks sussexlongman for your explanation. I had gone in and done what you had suggested. It just seemed weird to me that I suddenly started getting the emails even though I had installed iThemes security last year.
The other thing that worried me was the link said they were locking ME out! Even though I was having no problems logging in.
I checked where the attempts were coming from and it was just 2 IP addresses, over and over again.
Again, thanks very much for taking the time to answer me.
All the best
Sue
@suetamani
It just seemed weird to me that I suddenly started getting the emails even though I had installed iThemes security last year.
The brute force attacks probably started recently.
The other thing that worried me was the link said they were locking ME out! Even though I was having no problems logging in.
Starting from the 5.4.0 release your IP address is automatically whitelisted by the iTSec plugin when logged in as an administrator user.
So even when the user account is (temporarily) locked out your whitelisted IP still allows you to login with that user account.
(Or if you are already logged in with the user account you will not suddenly get locked out as a result of the brute force attack).
As it seems your initial question has been answered please mark this topic as ‘resolved’.
dwinden
I’m getting daily lockout notifications, all from the same ISP (Singlehop in Chicago, Il.). The notification says “too many attempts to access a file that does not exist.”
What file are they after — can we tell, and does it really matter?
I just installed iThemes free version on a site I manage, and I will get an email every hour or so probably for 8 hours per day a Site Lockout Notification, but when I go to look at the active lockouts in the settings area, there are none. There’s no indication at all that there’s an attempt at login.
Is this a glitch or some sort of error of install?
