Most "attacks" have been thwarted. A few going to new URL.
This plugin is great! Thank you for your work and effort.
I would say 99.9% of attempts have stopped.
However there a few have started on safe-entrance.php.
dmpp, thanks for your feedback. Let us know how many attempts are made on safe-entrance.php
We have some cool stats we can share regarding our own server and how PFF has saved us bandwidth. Just yesterday alone, we counted 5683 attempts blocked.
Thanks for getting back to me.
We’ve had about 10-15 attempts to login to the safe-entrance.php page. Which is WAY better than what we had going on before. We had about 42,000 attempts since mid-November, and 28,000 of those have been since the end of March. So I’m very thankful for your plugin!
I’m using the stop spammers plugin along with yours, so that it blacklists IP’s as well – although they can be easily spoofed.
See: http://wordpress.org/plugins/stop-spammer-registrations-plugin/ It also helps with fake form submissions/spammers a great deal.
Do you have a command prompt script I could use to check the site headers? I’ve tried some web-based ones and they’re all coming back showing me a temp redirect from wp-login.php to safe-entrance.php.
For example, I used this: http://urivalet.com/ and put in the url to my wp-login.php
Here’s what was returned: (I changed my real domain to domain.com in the content below)
1. REQUESTING: http://www.domain.com/wp-login.php GET /wp-login.php HTTP/1.1 Accept: */* Accept-Encoding: gzip Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Accept-Language: en-us,en;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 AlexaToolbar/alxf-2.19 Host: www.domain.com Connection: Keep-Alive SERVER RESPONSE: 302 Found Date: Mon, 12 May 2014 14:16:30 GMT Server: Apache X-Powered-By: PHP/5.4.27 X-Pingback: http://www.domain.com/xmlrpc.php Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Pragma: no-cache Set-Cookie: kpg_stop_spammers_time=1399904192; expires="Mon, 12-May-2014 14:17:32 GMT" Location: http://www.domain.com/safe-entrance.php Content-Length: 0 Connection: close Content-Type: text/html; charset="UTF-8" Redirecting to http://www.domain.com/safe-entrance.php ... 2. REQUESTING: http://www.domain.com/safe-entrance.php GET /safe-entrance.php HTTP/1.1 Accept: */* Accept-Encoding: gzip Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Accept-Language: en-us,en;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 AlexaToolbar/alxf-2.19 Host: www.domain.com Connection: Keep-Alive SERVER RESPONSE: 200 OK Date: Mon, 12 May 2014 14:16:32 GMT Server: Apache X-Powered-By: PHP/5.4.27 X-Frame-Options: SAMEORIGIN Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: kpg_stop_spammers_time=1399904193; expires="Mon, 12-May-2014 14:17:33 GMT" Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/ Set-Cookie: PHPSESSID=l3fikmuoao3onkq79kkl9bhkv1; path=/ Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset="UTF-8" Destination URI: http://www.domain.com/safe-entrance.php
Thanks for the kind words 😀
You shouldn’t be getting a 302 redirect when trying to access <your site>/wp-login.php, should always 403. But you can type the following into your terminal to test that manually:
curl -I <your site>/wp-login.php
By the way, If people start to get smart, PFF will automatically change the login url after 30 or more login failures occur in a minute.
Finally, how do you know those 10-15 attempts weren’t legit login attempts?
Thanks – I will try the cURL command when I get a chance.
I know the login attempts were fake because of the stop spammer plugin. It shows me the username and password that was attempted, along with the IP. Majority of the attempts are like this – same username and password, but the IP is changing:
2014/05/13 08:18:29 96.44.***.**** Gabriel*****/********** /safe-entrance.php
(I masked the IP part of the username and the password)
Weird, are they using the same wrong password several times over? Either way, it sounds like Project Force Field is working as intended on your site.
Since the goal of Project Force Field is to protect WordPress site’s from brute force attacks, there’s not much we can do to help you with those remaining attempts, sorry 🙁
If you don’t mind, though, could you copy some of those nice things you said and paste them into a plugin review 😀 http://wordpress.org/support/view/plugin-reviews/project-force-field#postform
- The topic ‘Most "attacks" have been thwarted. A few going to new URL.’ is closed to new replies.