Login Security Options | WordPress.org

Resolved matt19
(@matt19)

10 years, 6 months ago

Hello,

We’ve had a lot of attacks on some of our sites. All trying to login into our site using the “admin” username which doesn’t exist. We’ve been using the option of “Immediately block the IP of users who try to sign in as these usernames” We have “admin” in this list among others but we’re still getting alerts telling us that someone is failing to login in under username “admin”

Any assist will be greatly appreciated. 🙂

https://wordpress.org/plugins/wordfence/

Viewing 1 replies (of 1 total)

WFBrian
(@wfbrian)

10 years, 6 months ago

Hi,

When an IP breaks a rule, for example trying to login with the username ‘admin’, the IP is blocked from accessing your site for the time you have set in your firewall rules. The default time is a 5 minute block. That keeps the IP from accessing your site for 5 minutes but doesn’t prevent another IP from coming along and using the username ‘admin’. When another user comes along using ‘admin’, they will then be blocked for 5 minutes and so on. In short, an attempt at logging in with ‘admin’ must be made before the rule is actually broken and that is why you get an alert when someone fails to login with ‘admin’.

http://docs.wordfence.com/en/Wordfence_options#How_long_is_an_IP_address_blocked_when_it_breaks_a_rule

Hope that helps. Let us know if you have any other questions.
-Brian

Viewing 1 replies (of 1 total)

The topic ‘Login Security Options’ is closed to new replies.

1 reply
2 participants
Last reply from: WFBrian
Last activity: 10 years, 6 months ago
Status: resolved