• Resolved airdrieweb

    (@airdrieweb)


    We are getting a lot of unauthorized login attempts on sites using this plugin. This happens even after we change the login URL and the username. Often in less than 12 hours.

    We have read the forum and adjusted the plugin settings many many times over the past year and it still keeps happening.

    These settings are currently activated:

    Completely Block Access To XMLRPC
    Login Lockdown (max 3 attempts)
    Rename Login Page
    Change DB Table Prefix
    Change Login Name / Display Name
    Disable Users Enumeration

    We also use the iQ Block Country plugin.

    And our sites are connected to ManageWP.com

    Thank you in advance for your help.

    – Frustrated.

    • This topic was modified 4 years, 4 months ago by airdrieweb.
    • This topic was modified 4 years, 4 months ago by airdrieweb.
    • This topic was modified 4 years, 4 months ago by airdrieweb.
    • This topic was modified 4 years, 4 months ago by airdrieweb.
    • This topic was modified 4 years, 4 months ago by airdrieweb.
Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, do you know if you have any plugin that might be interfering with the login form?

    You enabled Completely Block Access To XMLRPC:. What happens when you type the following yoursite.com/xmlrpc.php on the browser. What do you see?

    Thank you

    Thread Starter airdrieweb

    (@airdrieweb)

    I see this: XML-RPC server accepts POST requests only.

    Thread Starter airdrieweb

    (@airdrieweb)

    Active Plugins (10)
    ManageWP – Worker by GoDaddy – 4.9.7
    Query Monitor by John Blackbourn – 3.6.1
    All In One WP Security by Tips and Tricks HQ, Peter Petreski, Ruhul, Ivy – 4.4.4
    Classic Editor by WordPress Contributors – 1.5
    Comet Cache by WebSharks, Inc. – 170220
    iQ Block Country by Pascal – 1.2.9
    Kadence Slider by Kadence WP – 2.3.1
    Simple History by Pär Thernström – 2.34.0
    UpdraftPlus – Backup/Restore by UpdraftPlus.Com, DavidAnderson – 2.16.27.24
    Yoast SEO by Team Yoast – 14.6.1

    Theme
    Name: Ascend – Premium
    Version: 1.9.12
    Author URL: https://www.kadencewp.com/

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    I see this: XML-RPC server accepts POST requests only.

    That means that it is not totally blocked. If you block this fully, the message you would see is 403 forbidden apparently or similar. Blocking this fully means no one can access your site through here.

    Kind regards

    Thread Starter airdrieweb

    (@airdrieweb)

    How would I block this fully?

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    Please check the following documentation aiowps-plugin-pingback-protection-settings. Let me know if this helps you.

    Thank you

    • This reply was modified 4 years, 4 months ago by mbrsolution.
    Thread Starter airdrieweb

    (@airdrieweb)

    Awesome, thank you so much, that worked!

    Thread Starter airdrieweb

    (@airdrieweb)

    Closing thread.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    I am glad it worked for you 🙂

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Login Attempts’ is closed to new replies.