Title: False Positive Mails?? Last modified: September 7, 2017 --- # False Positive Mails?? * Resolved [derkaan](https://wordpress.org/support/users/derkaan/) * (@derkaan) * [8 years, 9 months ago](https://wordpress.org/support/topic/massive-false-positive-mails/) * Hi, * We receive many alert mails from our Sucuri installation with warnings that somebody tries to login into our blog. (Just today about 30 – 50) The strange thing is, that we removed the wp-login.php at all and checking the web server logs doesn’t reflect these attempts to login. * The explanation and suggested solutions doesn’t work for us. Either disabling alerts or to buy the website-firewall. * Could you explain how sucuri detects login attempts that doesn’t appear in the web server log files nor without an wp-login.php? * **This is one example alert mail:** ———————– INFORMATION: Website: OurDomain. de IP Address: 34.204.53.45 Date/Time: 07/09/2017 15:17 MESSAGE: User authentication failed: admin * Explanation: Someone failed to login to your site. If you are getting too many of these messages, it is likely your site is under a password guessing brute- force attack [1]. You can disable the failed login alerts from here [2]. Alternatively, you can consider to install a firewall between your website and your visitors to filter out these and other attacks, take a look at Sucuri Firewall [3]. * [1] [https://kb.sucuri.net/definitions/attacks/brute-force/password-guessing](https://kb.sucuri.net/definitions/attacks/brute-force/password-guessing) [ 2] [https://OurDomain.de/wp-admin/admin.php?page=sucuriscan_settings](https://OurDomain.de/wp-admin/admin.php?page=sucuriscan_settings)[ 3] [https://sucuri.net/website-firewall/](https://sucuri.net/website-firewall/) * **Details the plugin readme.txt:** === Sucuri Security – Auditing, Malware Scanner and Security Hardening === Stable tag: 1.8.11 - This topic was modified 8 years, 9 months ago by [derkaan](https://wordpress.org/support/users/derkaan/). - This topic was modified 8 years, 9 months ago by [derkaan](https://wordpress.org/support/users/derkaan/). Viewing 2 replies - 1 through 2 (of 2 total) * Thread Starter [derkaan](https://wordpress.org/support/users/derkaan/) * (@derkaan) * [8 years, 9 months ago](https://wordpress.org/support/topic/massive-false-positive-mails/#post-9476606) * Just rescanned the log files and found that the attempts came from the access to xmlrpc.php. The file is now protected from external access. I will update this thread it the alter mails continue. * [yorman](https://wordpress.org/support/users/yorman/) * (@yorman) * [8 years, 9 months ago](https://wordpress.org/support/topic/massive-false-positive-mails/#post-9476942) * I couldn’t answer before because this post was flagged as spam by the WordPress forums. Now it is public, but the original poster was able to find the information to answer his own question. For more information, if anyone is curious about this, please refer to this article [1]. * [1] [https://blog.sucuri.net/2015/10/brute-force-amplification-attacks-against-wordpress-xmlrpc.html](https://blog.sucuri.net/2015/10/brute-force-amplification-attacks-against-wordpress-xmlrpc.html) Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘False Positive Mails??’ is closed to new replies. * ![](https://ps.w.org/sucuri-scanner/assets/icon-256x256.png?rev=2875755) * [Sucuri Security - Auditing, Malware Scanner and Security Hardening](https://wordpress.org/plugins/sucuri-scanner/) * [Frequently Asked Questions](https://wordpress.org/plugins/sucuri-scanner/#faq) * [Support Threads](https://wordpress.org/support/plugin/sucuri-scanner/) * [Active Topics](https://wordpress.org/support/plugin/sucuri-scanner/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/sucuri-scanner/unresolved/) * [Reviews](https://wordpress.org/support/plugin/sucuri-scanner/reviews/) * 2 replies * 2 participants * Last reply from: [yorman](https://wordpress.org/support/users/yorman/) * Last activity: [8 years, 9 months ago](https://wordpress.org/support/topic/massive-false-positive-mails/#post-9476942) * Status: resolved