I found my error in thinking (after analyzing the plugin’s code). It’s only logged if a existing username is provided, but a wrong password. I assumed that also attacks with non-existant usernames would be analyzed because that is what bruteforce attacks also do quite often.
Maybe a future feature of the plugin ?
Hi,
Yes, you are right! The plugin protects and shows only attempts to hack the existing accounts.
Sure, we are going to add protection against all brute-force attacks to next updates. Just to save hosting CPU from unwanted traffic.
Fabulous! Looking forward to the updates then.
Hi dragon013,
We have updated the plugin,
https://downloads.wordpress.org/plugin/security-malware-firewall.1.4.2.zip
The new version includes attempts to brute force accounts names as well as brute force passwords.
Thanks.
Hello,
I updated and tested it. So far, it looks good.
Thanks!
You are always welcome!
Thank you for great feedback and keeping us up to date.
