Title: [Plugin: Login Security Solution] wordpress Security using login security solution Last modified: August 20, 2016 --- # [Plugin: Login Security Solution] wordpress Security using login security solution * Resolved [roxor](https://wordpress.org/support/users/roxor/) * (@roxor) * [13 years, 8 months ago](https://wordpress.org/support/topic/plugin-login-security-solution-wordpress-security-using-login-security-solution/) * Hi, I get a lot of emails _(600-1000 emails)_ daily saying “Your website, is undergoing a brute force attack.” from Login Security Solution plugin. I am using WP 3.4 and Login-Security-Solution 0.21.0 It is a multisite subdomain install.( 1,605 sites and 1,834 users.) Some mails are like * > Your website, NAME, is undergoing a brute force attack. > There have been at > least 5860 failed attempts to log in during the past 120 minutes that used > one or more of the following components: Component Count Value from Current > Attempt ———————— —– —————————– Network IP 243 58.213.46 Username 5860 kdsjfkwef496 > Password MD5 5859 017d6dd98b4c263ea6fcd7ce4ae32186 * Others are like * > Your website, kdsjfkwef496, may have been broken in to. > Someone just logged > in using the following components. Prior to that, some combination of those > components were a part of 2538 failed attempts to log in during the past 120 > minutes: Component Count Value from Current Attempt ———————— —– —————————— > Network IP 2538 71.4.228 Username 2538 kdsjfkwef496 Password MD5 0 ed96f784c58cbc81f550f9b9f6041e33 > The user has been logged out and will be required to confirm their identity > via the password reset functionality. * What should i do about them, this really scares me off. My settings are here [http://www.mediafire.com/view/?uvv51897d2ocn9g](http://www.mediafire.com/view/?uvv51897d2ocn9g) What other measures should I take ? I have also installed these plugins alongside for more security. Stop Spammers Plugin (also shows similar statistics) * > Stop Spammers has stopped 2552 spammers since 2012/08/12 * Limit Login Attempts Plugin (also shows number of lockouts with IP) * > 91.207.6.174 brunoshindelsr (1 lockout), terrencepanicort (1 lockout), darellcolborncb( > 1 lockout), nevillekoharazq (1 lockout) > 46.23.76.52 wordpress (1 lockout), > pools (2 lockouts), saunas (1 lockout) * Akismet says (has protected your site from 2,385 spam comments already.) SI Captcha etc.. Thank-you * [http://wordpress.org/extend/plugins/login-security-solution/](http://wordpress.org/extend/plugins/login-security-solution/) Viewing 5 replies - 1 through 5 (of 5 total) * Plugin Author [Daniel Convissor](https://wordpress.org/support/users/convissor/) * (@convissor) * [13 years, 7 months ago](https://wordpress.org/support/topic/plugin-login-security-solution-wordpress-security-using-login-security-solution/#post-2966343) * Are those the exact user names and quantities in the emails, or have you altered them? * Are you behind a proxy, load balancer, etc that presents WP with a given (set) of IP addresse(s) in `REMOTE_ADDR` instead of WP receiving each user’s actual IP address? * I couldn’t see your settings because mediafire is requires JavaScript. You’ll probably want to increase the “Failure Notification” number so you don’t get soooo many emails. * Thread Starter [roxor](https://wordpress.org/support/users/roxor/) * (@roxor) * [13 years, 7 months ago](https://wordpress.org/support/topic/plugin-login-security-solution-wordpress-security-using-login-security-solution/#post-2966344) * Nope, I haven’t altered anything. [today’s mail](http://farm9.staticflickr.com/8286/7788899802_29d60f494c_b.jpg) [inside those emails](http://farm9.staticflickr.com/8421/7789164824_5ea54e77b3_b.jpg) [my settings](http://farm8.staticflickr.com/7133/7788898174_64cb0401fd_b.jpg) * > Are you behind a proxy, load balancer, etc that presents WP with a given (set) > of IP addresse(s) in REMOTE_ADDR instead of WP receiving each user’s actual > IP address? * I don’t understand fully the terms but F.Y.I. i have rented a shared server for testing plugins and themes for the site before it finally rolls out. And the registration & members are mostly spams, I allowed that because I wanted to know how much resources n management would it need and also learn about scalibilty issues ..etc Do you think this is because of shared host & IP. And security would eventually get better when I start with dedicated servers and IPs ? * Plugin Author [Daniel Convissor](https://wordpress.org/support/users/convissor/) * (@convissor) * [13 years, 7 months ago](https://wordpress.org/support/topic/plugin-login-security-solution-wordpress-security-using-login-security-solution/#post-2966354) * Hi Roxor: * Wait a second. You’re letting random people (and robots) sign up for accounts on your site? In all seriousness, you are compromising the security of everyone on the Internet. * Please read the “Securing Your WordPress Site is Important” section from the Description page of my plugin at [http://wordpress.org/extend/plugins/login-security-solution/](http://wordpress.org/extend/plugins/login-security-solution/). * Blow away your existing WordPress installation. Now. * I’d guess your domain name’s reputation is shot, plus miscreants will continue to try to use any WP install you put up on it. Seems like you need a new domain. * Good luck, * –Dan * Thread Starter [roxor](https://wordpress.org/support/users/roxor/) * (@roxor) * [13 years, 7 months ago](https://wordpress.org/support/topic/plugin-login-security-solution-wordpress-security-using-login-security-solution/#post-2966356) * I am NOT using the actual domain what I have planned and saved to use for my project. Its just a cheap test domain. And i have chosen it wisely as i knew this would effect the quality of the domain in long term, So i picked up a name( wrongly spelled) which probably no-one would ever use. Well i didn’t realize that i am compromising everyone’s security on the Internet this way. Thanks for the information Daniel. I will refresh my wordpress installation right away. * Plugin Author [Daniel Convissor](https://wordpress.org/support/users/convissor/) * (@convissor) * [13 years, 7 months ago](https://wordpress.org/support/topic/plugin-login-security-solution-wordpress-security-using-login-security-solution/#post-2966357) * Roxor: * Thanks for being reasonable. Glad you were thinking ahead with the domain name. I suggest disabling the ability of the general public to create accounts. * There are many tools out there for benchmarking websites to determine what you’ll need in the way of resources. One example is `ab` (Apache Benchmark). There’s no need to open your site up for public logins. * For the remainder of your testing, you may want to set up some `.htaccess` or server level rules to only permit access to the site from the IP addresses you( and your associates) are coming in from. Example: * Order deny,allow Deny from all Allow from 81.83.1.8 Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘[Plugin: Login Security Solution] wordpress Security using login security solution’ is closed to new replies. * ![](https://s.w.org/plugins/geopattern-icon/login-security-solution.svg) * [Login Security Solution](https://wordpress.org/plugins/login-security-solution/) * [Frequently Asked Questions](https://wordpress.org/plugins/login-security-solution/#faq) * [Support Threads](https://wordpress.org/support/plugin/login-security-solution/) * [Active Topics](https://wordpress.org/support/plugin/login-security-solution/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/login-security-solution/unresolved/) * [Reviews](https://wordpress.org/support/plugin/login-security-solution/reviews/) ## Tags * [login](https://wordpress.org/support/topic-tag/login/) * [spams](https://wordpress.org/support/topic-tag/spams/) * 5 replies * 2 participants * Last reply from: [Daniel Convissor](https://wordpress.org/support/users/convissor/) * Last activity: [13 years, 7 months ago](https://wordpress.org/support/topic/plugin-login-security-solution-wordpress-security-using-login-security-solution/#post-2966357) * Status: resolved