Sceptical Wordfence Claims | WordPress.org

ripefruit
(@ripefruit)

8 years, 6 months ago

I too liked Wordfence but I have to admit I have become very sceptical of Wordfence claims.

The best example I can offer is a web site where we have modified two very important security elements.

1. We have blocked access by IP address to the login page. No-one except my IP can even see the admin login page. Now I can hear everyone

saying that there are ways around this, which brings me to #2.

2. Using a clever plugin, I have changed the page name (file name) of the login page. Even if a user bypassed the IP security, they have no idea

where the login page is (/login-xyz-456).

So then, what has WordFence blocked when it sends me this email..

This email was sent from your website “XYZ” by the Wordfence plugin at Saturday 10th of October 2015 at 08:20:09 AM
The Wordfence administrative URL for this site is: http://www.xyz.com.au/wp-admin/admin.php?page=Wordfence

A user with IP address 181.160.215.189 has been locked out from the signing in or using the password recovery form for the following reason: Used

an invalid username ‘admin’ to try to sign in.
User IP: 181.160.215.189
User hostname: 181-160-215-189.baf.movistar.cl
User location: Concon, Chile

Not one blocked email either, hundreds. So what does it think its blocking?

The topic ‘Sceptical Wordfence Claims’ is closed to new replies.

Tags

In: Plugins
0 replies
1 participant
Last reply from: ripefruit
Last activity: 8 years, 6 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics