Thanks for the report!
Can you confirm how many users you have please?
We check the passwords of the following users roles:
administrator, editor, author, contributor
Thread Starter
Panos
(@xpanos)
Only one. The administrator. The site its on air and not in offline mode.
Instead of that, after checking our emails, Wordfence plugin found out that there were many login tries with our admin username (to mention that its not ‘admin’ or something easy to find) and that our security plugin will block for some hours our admin user from login in. Checking on our live traffic or with other ways if there is a compromise, its not and there was not try to login, not from human or bot. Our thinking is coming back on that once again and we think that when we run this test (the Weak Password security check) this problem with attempted login tries, happens because of that.
Thread Starter
Panos
(@xpanos)
Of course to mention that this only one user(admin) has a strong password already and we use 2FA authentification as an extra precaution, that provided from Wordfence plugin.
Ah, the weak password check actually works like a brute force attack under the hood. We didn’t think that it would trigger any brute force protection mechanisms from third-party plugins.
We’ll have a look into it, and hopefully have a fix sometime later tonight.
Sorry for the inconvenience!
Thread Starter
Panos
(@xpanos)
Thats alright @ethicalhack3r .. You already DO a great job! π
Thank you for been around! :))
Thank you π
We have just released version 1.14.1 which should fix your issue.
Let us know if you have any further issues.
Thread Starter
Panos
(@xpanos)
After installing the version 1.14.1 the problem solved. If by problem solved means that we run the test and get a message “We were not able to brute force the password of any privileged user” π
Regards
-
This reply was modified 1 year, 4 months ago by
Panos.
