Hi @yukilna,
If you’re seeing a lot of lockouts, well, that means that iThemes Security is doing its job.
Like you, we also see a lot of 404s and lockouts, so as long as your website has not been compromised or has a virus, you’re good.
As you know, many attacks are from malicious bots or hackers. Once they realize they can’t access your site, they will look elsewhere. If you have time, you can also report the IPs associated with the lockouts to the “abuse@xxxxxx.com” address associated with the IPs. You may not hear back from the Host Administrator, but rest assure, I’m quite sure many take action behind the scenes. Don’t expect a “Thank You” reply for every report you submit.
You may also have a lot of lockouts depending on your plugin settings. We are using the following module settings: Global Settings and 404 Detection.
Hope the above helps.
Cheers!
Hi @yukilna (again),
Something else to consider: (you may know this already)
(1) If the lockout emails are nagging you, you can always deactivate the iThemes Security email setting for lockouts.
WP Dashboard > Security > Settings > Notification Center > Site Lockouts > Uncheck “Enabled”
(2) Attackers care less about company or website size. All they care about is obtaining information that will benefit their business or coffers. For example, we know of websites that get attacked (hit) THOUSANDS of times per hour. Usually, those are targeted attacks, but simply gives you an idea on what your website could experience from time to time.
(3) In lieu of contacting the “abuse@xxxxx.com” address associated with the malicious IPs, you can report them here. We do. Very important. Helps build a community database and establish abuse patterns that can be reviewed and eliminated by the authorities.
Cheers!
