• Resolved noxjaeger

    (@noxjaeger)


    Hi to all!
    My site stats report 41 new blocked malicious login attempts in the last hours, at regular intervals (I think the time I set to retry the login). The problem is that Wordfence doesn’t report these failed logins in “Live traffic\logins and logouts”, not even in the top 5 failed logins. Why?
    I tried to log in with the right username and a wrong password, and Wordfence reported this failed attempt, but it does not show the other ones reported in the “site stats”.
    Also, I have not received any mail, not even for my failed attempt with the right username.
    Can you help me please? I would also like to know if it’s possible to see the passwords that hackers try to use to log in.
    Thanks

    https://wordpress.org/plugins/wordfence/

Viewing 10 replies - 1 through 10 (of 10 total)
  • Hi,

    What are you using for site stats? Google analytics or something similar?

    On the email alert issue, have you configured an email address to send alerts to and have you tried sending a test email?

    Thanks,
    Brian

    Thread Starter noxjaeger

    (@noxjaeger)

    Hello Brian,

    I’m using Jetpack for site stats

    For the email, I just tried to send a test email; the result is “false” and I don’t receive any email.
    I tried to send one myself to the “@mydomain” address with a Gmail account and I received it (I don’t know if this can help).

    Do you have any other Jetpack features enabled?

    Does email on your site work in general? Do you have an email address configured under General Settings for your site?

    -Brian

    Thread Starter noxjaeger

    (@noxjaeger)

    Yes, I have other Jetpack features enabled, almost the default ones. I think “Protect” is the one that blocks and counts malicious login attempts.

    Yes, I have the email address configured in the general settings; it is the same one at which I should receive the notifications from Wordfence. I don’t know if it works in general with the website, because the test email from Wordfence has been the first attempt to receive an email from a plugin. All options to receive notifications are enabled, but I never received one.

    I’m reading around that this problem can be resolved by my host, so I’m contacting them to see if they can help, but eventually I would still have the problem of the unreported login attempts and the tried passwords.

    There may be a conflict going on. If you disable Jetpack, does Wordfence function as expected? This post addresses the conflict issue:

    https://wordpress.org/support/topic/wordfence-and-jetpack-protect?replies=7

    Also, you may need to increase the memory on your site.

    http://docs.wordfence.com/en/Wordfence_system_requirements#Memory

    Thread Starter noxjaeger

    (@noxjaeger)

    I solved the email problem by installing an SMTP plugin, with the help of my host provider (I write this so that if someone has this problem and reads this thread, they can try this solution; contact your host provider for the data that you will need).
    Now I’m able to receive the test email from Wordfence, so I think from WordPress in general.

    I think the memory is OK. When I try the memory test of Wordfence I receive this message: “Congratulations, your web host allows you to use at least 82.00 megabytes of memory for each PHP process hosting your WordPress site.”

    I contacted the Jetpack support; this is their answer (I have not mentioned to them that I’m using Wordfence):
    “However, it’s worth noting that Jetpack’s Protect module protects your login form, but also protects brute force attacks to your site’s XML-RPC file. It is possible that your other plugin only reports failed login attempts on your site’s log in page, and doesn’t record other failed attempts to authenticate and access your site.”

    Is this the problem?
    Another question: will I receive the tried username and password in the email alerts from Wordfence?

    Thread Starter noxjaeger

    (@noxjaeger)

    I tried to log in with a wrong password… the email that I receive doesn’t tell me the password used. Is there a way to know which passwords are used by whoever tries to log in?

    We have no plans to add that feature.

    As for the alerts about lockouts, what you may be seeing is actually a completely different type of attack that leverages some core functionality in WordPress to get around being blocked. It uses XMLRPC. To lock this out you need a plugin that can block it. We used to block it, but it turned out that blocking XMLRPC also broke things, for instance in Jetpack. We’re now blocking the specific login requests and logging the attempts as of version 6.0.17, which is why you are now seeing them. As far as we know, no one is able to block these without disabling XMLRPC, though we are constantly looking for ways to improve and this may one day be possible, but the important thing is that they are being blocked.

    Here are a couple of related articles we published explaining what XMLRPC is and what the login attempts you see are.
    https://www.wordfence.com/blog/2015/10/wordpress-xml-rpc-brute-force-attacks-amplification-multiple-logins/
    https://www.wordfence.com/blog/2015/10/should-you-disable-xml-rpc-on-wordpress/

    It is also possible that they are part of a scripted attack where the username and password are added to the login url being attacked. In this case the attempt is being blocked but it is also being logged as well.
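
Added example (not part of the original thread, and not Wordfence or Jetpack code): one way to check from the web server's access log whether requests are reaching the XML-RPC endpoint rather than the login form, which is the distinction discussed above. The log lines are constructed, the "combined" log format is assumed, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in "combined" log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Nov/2015:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"
203.0.113.7 - - [12/Nov/2015:10:05:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"
203.0.113.7 - - [12/Nov/2015:10:10:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"
203.0.113.7 - - [12/Nov/2015:10:15:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"
198.51.100.20 - - [12/Nov/2015:10:16:40 +0000] "GET /wp-login.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Nov/2015:10:16:52 +0000] "POST /wp-login.php HTTP/1.1" 200 2950 "-" "Mozilla/5.0"
192.0.2.15 - - [12/Nov/2015:10:20:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
192.0.2.15 - - [12/Nov/2015:10:20:09 +0000] "GET /index.php HTTP/1.1" 200 8100 "-" "-"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# The two places a WordPress site accepts credentials over HTTP.
AUTH_ENDPOINTS = {"/wp-login.php": "login form", "/xmlrpc.php": "XML-RPC"}

def tally_auth_posts(log_text):
    """Return {endpoint label: Counter(ip -> number of POSTs)}."""
    tally = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0]  # ignore any query string
        label = AUTH_ENDPOINTS.get(path)
        if label:
            tally[label][m["ip"]] += 1
    return tally

def xmlrpc_only_sources(tally, threshold=3):
    """IPs with at least `threshold` XML-RPC POSTs and none to the login form.
    A POST to xmlrpc.php is not proof of a login attempt (Jetpack also uses
    the endpoint), so treat the result as a list to review, not a verdict."""
    form = tally["login form"]
    return sorted(ip for ip, n in tally["XML-RPC"].items()
                  if n >= threshold and ip not in form)

if __name__ == "__main__":
    t = tally_auth_posts(SAMPLE_LOG)
    for label, counts in t.items():
        print(label, dict(counts))
    print("review:", xmlrpc_only_sources(t))
```
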

    Thread Starter noxjaeger

    (@noxjaeger)

    Thanks for your answers.
    I would like to know if it’s possible to see the passwords that people try to use to log in; currently I see only the tried username.

    We don’t have plans to add that feature at this time.

    Tim


The topic ‘Login attempts not reported?’ is closed to new replies.