Support » Plugin: NinjaFirewall (WP Edition) - Advanced Security » Totally ineffectual… ?

  • Well, I don’t know… this plugin is very well rated, however its installation in my WordPress didn’t help containing the brute force attacks I’ve been suffering. A couple of ours later my VPS DNS service was down again thanks to a brute force attack to the WP installation protected by this plugin. What can be happening?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author nintechnet

    (@nintechnet)

    How did you configure the “Login Protection” options?

    Always ON, Password,
    XML-RPC API ON
    Bot protection ON
    Authentication log OFF
    Signature OFF

    Plugin Author nintechnet

    (@nintechnet)

    Did you check your server HTTP logs to see if the attack is only targeting the wp-login.php page (or if it targets the whole website), and how many HTTP requests per seconds is it? On a small VPS, NinjaFirewall can handle at least 300 HTTP requests per seconds and on a large one, it can be 1,000+ RPS.

    It was a total of 1765 requests. Not per second. Total. I didn’t check the logs, I can ask the engineer if that’s determinant.

    Plugin Author nintechnet

    (@nintechnet)

    That’s a small attack.
    If your admin can check the log that would help to see what happened, asked them to:
    -check that all requests were blocked by the firewall (it always returns a 4xx error code – either 404 or 403).
    -check that only the wp-login.php page was attacked, not the whole site.

    Also, make sure you don’t have some rewrite rules in your .htaccess that could interfere with the firewall protection, i.e., if you have another security plugin installed.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Totally ineffectual… ?’ is closed to new replies.