Support » Plugin: All In One WP Security & Firewall » Login Attempts

  • Resolved airdrieweb

    (@airdrieweb)


    We are getting a lot of unauthorized login attempts on sites using this plugin. This happens even after we change the login URL and the username. Often in less than 12 hours.

    We have read the forum and adjusted the plugin settings many many times over the past year and it still keeps happening.

    These settings are currently activated:

    Completely Block Access To XMLRPC
    Login Lockdown (max 3 attempts)
    Rename Login Page
    Change DB Table Prefix
    Change Login Name / Display Name
    Disable Users Enumeration

    We also use the iQ Block Country plugin.

    And our sites are connected to ManageWP.com

    Thank you in advance for your help.

    – Frustrated.

    • This topic was modified 5 months, 3 weeks ago by airdrieweb.
    • This topic was modified 5 months, 3 weeks ago by airdrieweb.
    • This topic was modified 5 months, 3 weeks ago by airdrieweb.
    • This topic was modified 5 months, 3 weeks ago by airdrieweb.
    • This topic was modified 5 months, 3 weeks ago by airdrieweb.
Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, do you know if you have any plugin that might be interfering with the login form?

    You enabled Completely Block Access To XMLRPC:. What happens when you type the following yoursite.com/xmlrpc.php on the browser. What do you see?

    Thank you

    I see this: XML-RPC server accepts POST requests only.

    Active Plugins (10)
    ManageWP – Worker by GoDaddy – 4.9.7
    Query Monitor by John Blackbourn – 3.6.1
    All In One WP Security by Tips and Tricks HQ, Peter Petreski, Ruhul, Ivy – 4.4.4
    Classic Editor by WordPress Contributors – 1.5
    Comet Cache by WebSharks, Inc. – 170220
    iQ Block Country by Pascal – 1.2.9
    Kadence Slider by Kadence WP – 2.3.1
    Simple History by Pär Thernström – 2.34.0
    UpdraftPlus – Backup/Restore by UpdraftPlus.Com, DavidAnderson – 2.16.27.24
    Yoast SEO by Team Yoast – 14.6.1

    Theme
    Name: Ascend – Premium
    Version: 1.9.12
    Author URL: https://www.kadencewp.com/

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    I see this: XML-RPC server accepts POST requests only.

    That means that it is not totally blocked. If you block this fully, the message you would see is 403 forbidden apparently or similar. Blocking this fully means no one can access your site through here.

    Kind regards

    How would I block this fully?

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    Please check the following documentation aiowps-plugin-pingback-protection-settings. Let me know if this helps you.

    Thank you

    • This reply was modified 5 months, 3 weeks ago by mbrsolution.

    Awesome, thank you so much, that worked!

    Closing thread.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    I am glad it worked for you 🙂

Viewing 9 replies - 1 through 9 (of 9 total)
  • You must be logged in to reply to this topic.