Title: Settings WordPress login security Last modified: June 6, 2023 --- # Settings WordPress login security * Resolved [dianedeboer](https://wordpress.org/support/users/dianedeboer/) * (@dianedeboer) * [3 years ago](https://wordpress.org/support/topic/settings-wordpress-login-security/) * My site is flooded with fake users which (I think) use the wordpress login for this. How can I prevent this in the settings of AIOS? * The site is a forum: This forum uses the wordpress login screen for login of the forum. * Thank you in advance * Diane * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fsettings-wordpress-login-security%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 4 replies - 1 through 4 (of 4 total) * Plugin Support [hjogiupdraftplus](https://wordpress.org/support/users/hjogiupdraftplus/) * (@hjogiupdraftplus) * [3 years ago](https://wordpress.org/support/topic/settings-wordpress-login-security/#post-16800342) * Hi [@dianedeboer](https://wordpress.org/support/users/dianedeboer/) * You should enable login lockout for invalid attempts. stop user enumeration and xml rpc ping back * WP security > User login > Login lock out tab there enable login lockout also check “Instantly lockout invalid usernames:”. * WP Security > Miscellaneous > User enumeration tab check there stop user enumeration and save * WP Security > Firewall > Basic firewall rules tab > Completely block access to XMLRPC , Disable pingback functionality from XMLRPC Please check both and Save – XML RPC call of wp_getUsersBlogs is trying to authenticate the user which may be issue as bot. * Also you can enable captcha on login page using WP security > Brute force > Captcha settings. * Also if you can change the link to the login page for end user you should use renamed login page. * WP security > Brute force > Rename login page. Enable the renamed login * Regards * Thread Starter [dianedeboer](https://wordpress.org/support/users/dianedeboer/) * (@dianedeboer) * [3 years ago](https://wordpress.org/support/topic/settings-wordpress-login-security/#post-16803916) * Thank your for this. I have checked everything accept Renaming login page. I will have to read about this before doing. * With regards * Diane * Thread Starter [dianedeboer](https://wordpress.org/support/users/dianedeboer/) * (@dianedeboer) * [3 years ago](https://wordpress.org/support/topic/settings-wordpress-login-security/#post-16803917) * I wil close this ticket now. * Plugin Support [hjogiupdraftplus](https://wordpress.org/support/users/hjogiupdraftplus/) * (@hjogiupdraftplus) * [3 years ago](https://wordpress.org/support/topic/settings-wordpress-login-security/#post-16803959) * [@dianedeboer](https://wordpress.org/support/users/dianedeboer/) * Ok, Would you mind writing a quick five-star review? * [https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/reviews/#new-post](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/reviews/#new-post) * Reviews also help others to make confident decisions about our plugin. Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘Settings WordPress login security’ is closed to new replies. * ![](https://ps.w.org/all-in-one-wp-security-and-firewall/assets/icon-256x256. png?rev=2798307) * [All-In-One Security (AIOS) – Security and Firewall](https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/) * [Frequently Asked Questions](https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#faq) * [Support Threads](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/) * [Active Topics](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/unresolved/) * [Reviews](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/reviews/) ## Tags * [loginform](https://wordpress.org/support/topic-tag/loginform/) * 4 replies * 2 participants * Last reply from: [hjogiupdraftplus](https://wordpress.org/support/users/hjogiupdraftplus/) * Last activity: [3 years ago](https://wordpress.org/support/topic/settings-wordpress-login-security/#post-16803959) * Status: resolved