Hi @thomasjarvisdesign
The Jetpack Protect feature prevents brute-force attacks on your WP-Login page, and also on the XML-RPC endpoint that’s used to communicate and requests through your site and other plugins.
It’s also good to know that when an IP address is flagged on a site using Protect, it is flagged on all sites using Protect for a moment, so if that IP visits your site, it’s considered as such.
There’s no specific data that could be shown to know which particular attacks are happening between those two as we don’t track them, but only how many attempts were blocked. Further reading about that feature can be found below:
https://jetpack.com/support/protect/
Best,
Thanks Mehdi,
I normally disable XML-RPC using functions.php. I have just realised that my own website still has XML-RPC enabled. So I will leave Jetpack Protect on and see if the total blocked continues to rise at the same rate now that I have disabled XML-RPC.
I think it must be counting visits to the site from flagged IPs as prevented attempts?
I have all other Jetpack Modules disabled already and functions.php to remove front end CSS and JS.
I’ll be rolling out the new security features to all sites on my server anyway, but I guess it’s useful to know the stats on hack attempts, and the added protection of a known blacklist is always useful.
This problem is resolved, thanks for the info.
Anyone else looking for advice on this.
I have managed to bring the number of hack attempts recorded by Jetpack to zero:
I used WPS Hide login Plugin to move the login page
I then used this .htaccess function to password protect the new login page:
# PASSWORD PROTECT LOGIN
# Do the regex check against the URI here, if match, set the "require_auth" var
SetEnvIf Request_URI ^/yourloginpageuri/ require_auth=true
# Auth stuff
AuthUserFile /location/of/password/file/on/server/ideally/root/.htpasswd
AuthName "Password Protected"
AuthType Basic
# Setup a deny/allow
Order Deny,Allow
# Deny from everyone
Deny from all
# except if either of these are satisfied
Satisfy any
# 1. a valid authenticated user
Require valid-user
# or 2. the "require_auth" var is NOT set
Allow from env=!require_auth
Disable XML-RPC from functions.php
XML-RPC is used by mobiles but can allow a brute force attempt to try multiple password attempts in a smaller number of attempts. So if you do not use the WordPress app, disable XML-RPC.
// Disable XML-RPC (Login from WordPress App on Phone)
add_filter('xmlrpc_enabled', '__return_false');
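
Added example, not part of the original thread: Protect reports only a total of blocked attempts, so the web server access log is where to see which of the two endpoints is actually being hit. This Python example assumes Apache "combined" log format and the default endpoint file names; the function names and sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Apache "combined" log line: client IP, timestamp, request line, status code
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# The two endpoints the thread says Jetpack Protect covers
ENDPOINTS = {"wp-login.php": "wp-login", "xmlrpc.php": "xmlrpc"}

def summarize(lines):
    """Count POSTs to each login endpoint, in total and per client IP."""
    per_endpoint, per_ip = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # credentials are only submitted via POST
        # Drop the query string, keep the file name (covers subdirectory installs)
        filename = m["path"].split("?", 1)[0].rsplit("/", 1)[-1]
        name = ENDPOINTS.get(filename)
        if name:
            per_endpoint[name] += 1
            per_ip[(m["ip"], name)] += 1
    return per_endpoint, per_ip

def noisy_clients(per_ip, threshold=3):
    """Return (ip, endpoint, count) for clients at or above the threshold."""
    hits = [(ip, ep, n) for (ip, ep), n in per_ip.items() if n >= threshold]
    return sorted(hits, key=lambda h: -h[2])

# Constructed sample log lines (documentation IP ranges), not real traffic
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2019:06:25:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2019:06:25:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2019:06:25:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2019:06:26:10 +0000] "POST /wp-login.php HTTP/1.1" 200 1820 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2019:06:26:11 +0000] "GET /wp-login.php HTTP/1.1" 200 1500 "-" "Mozilla/5.0"
192.0.2.50 - - [10/Mar/2019:06:27:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    totals, by_ip = summarize(SAMPLE_LOG)
    print("POSTs per endpoint:", dict(totals))
    for ip, endpoint, count in noisy_clients(by_ip):
        print(f"{ip} sent {count} POSTs to {endpoint}")
```

If the login page has been moved with a plugin, add its new file name or path segment to `ENDPOINTS` before running this against a real log.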