lock scammers out automatically and permanently

  • Resolved anonymized-14293447

    (@anonymized-14293447)


    2 years, 9 months ago

    I need some advice guys:
    1) I need to block permanently fake logins for ever. I don’t want the message “you are locked for 2 months”, I want to kill them on their first ever attempt, and permanently
    2) I get a warning of “new user registration” (with one hard-to-guess username) and one second later the scammer is being locked out (using another hard-to-guess username). I believe this is a new technique which I hope you can investigate and throw some light upon
    🙂
    Thank you

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfphil

    (@wfphil)

    2 years, 9 months ago

    Hi @arsenalemusica

    Login lock outs have an expiration time as permanently blocking a lot of IP addresses is generally an ineffective security strategy and also not recommended. See the link Ask Wordfence: Should I Permanently Block IPs That I See Wordfence Blocking? in our IP address blocking documentation below:

    https://www.wordfence.com/help/blocking/#ip-address

    Your second point seems to me that it might be a broken bot if it is registering one username and then trying to login with a different, incorrect username.

    Thread Starter anonymized-14293447

    (@anonymized-14293447)

    2 years, 9 months ago

    thanks for the reply. They are certainly using bots because
    1) once 2 months expiration time are passed, they attempt again
    2) as soon as I put the site live, the register/login attempt starts
    But it’s getting on my nerves and I need to do something about it. How?

    Plugin Support wfphil

    (@wfphil)

    2 years, 9 months ago

    Hi @arsenalemusica,

    Thank you for the update.

    If you don’t need to allow people to register then you can disable registration on the WordPress Settings >> General page.

    If you do allow people to register then you can prevent bots from registering using our CAPTCHA feature which applies to the default WordPress login and registration pages. Note that this may not work on a custom registration page generated by another plugin:

    https://www.wordfence.com/help/login-security/#captcha-options

    Wordfence also provides full and complete brute force login attack prevention. Please follow the guides below:

    https://www.wordfence.com/help/firewall/brute-force/

    https://www.wordfence.com/help/tools/two-factor-authentication/

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘lock scammers out automatically and permanently’ is closed to new replies.