• Resolved Max Beta

    (@max-beta)


    Hi

    I started receiving the warning messages about a blocked user “admin” earlier today. I don’t have an admin called “admin” at this site.

    I activated the Rename login page but the blocked user warnings are still flowing in. Shouldn’t these warnings stop as soon as I change the login page?

    I have this setting activated “Instantly Lockout Invalid Usernames” and since I don’t have an admin user they should be blocked directly, but not if I have moved the login page!

    Is there a log where I can see which page the login attempt was made from? I can only see the IP no.

    https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/

Viewing 7 replies - 1 through 7 (of 7 total)
  • I am having the same issue as Max. I opened my inbox this morning to 85+ notifications about blocked login attempts beginning around 3am for “admin” and “test” usernames, neither of which exist.

    I, too, have the “Instantly Lockout Invalid Usernames” option set. I changed the login page slug about an hour ago, yet I am still getting notifications every one to five minutes. I updated the plugin prior to changing the slug, so it’s not outdated. The strange thing is that I haven’t gotten any notifications for over a month, and all of a sudden they’re flooding in. I can’t keep up with blacklisting them all!

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, can you check to make sure the following is enabled under Firewall -> Basic Firewall Rules?

    Enable Pingback Protection:

    Thanks mbrsolution. The last failed login attempt was at 8:30pm. It’s strange how the logins suddenly stopped… And how they suddenly began yesterday morning, as I mentioned. I will enable pingback protection from now on. Thanks again!

    Sometimes bots will just target a site and go crazy. If you feel that you are being targeted, maybe think about enabling the “Cookie based brute force prevention” feature at that time. Then after a day or two when the bots move on, you can turn that feature off.

    Also, you can turn off the email notification temporarily too. The bots will just try and fail then move on. Then you can re-enable the notification if you want.

    Thread Starter Max Beta

    (@max-beta)

    I’ve tried the Pingback Protection setting but was told it interferes with the WordPress iOS app.

    The main problem isn’t that I use the app a lot but rather the opposite. When I open the app the next time I will have no idea why it’s not working which will occupy my time (which I don’t have).

    Would it be possible to fine tune the reporting in your plugin in a future version? If I don’t have an account named “admin” and get 300 login attempts per hour for the account “admin” it’s not much to worry about. I would surely like to know that something is going on but I don’t need a mail for each instance.

    I don’t have any thought-out suggestions but perhaps it could be possible to send the email once per hour with info about what happened, something like: “123 attempts to login with the account: admin. 0 attempts to login with your active accounts”

    I’m sure you can see other alternatives too.
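
The hourly summary suggested in the post above, as an added sketch (not part of the thread and not code from the plugin). It assumes failed-login events are available as (timestamp, username, IP) tuples; the sample events, the `ACTIVE_ACCOUNTS` set and all function names are constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample events: (timestamp, username tried, source IP).
# Not real log data; the IPs are from documentation ranges.
SAMPLE_EVENTS = [
    ("2016-03-01 03:02:11", "admin", "203.0.113.5"),
    ("2016-03-01 03:07:40", "admin", "203.0.113.9"),
    ("2016-03-01 03:31:02", "test", "203.0.113.5"),
    ("2016-03-01 03:55:19", "Admin", "198.51.100.23"),
    ("2016-03-01 04:01:00", "admin", "203.0.113.5"),
    ("2016-03-01 04:12:30", "maxb", "198.51.100.77"),
]
ACTIVE_ACCOUNTS = {"maxb"}  # assumption: the usernames that really exist on the site


def hourly_digest(events, active_accounts):
    """Bucket failed logins by hour, split into existing vs non-existent usernames."""
    buckets = defaultdict(
        lambda: {"unknown": Counter(), "active": Counter(), "ips": set()}
    )
    for ts, user, ip in events:
        hour = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").strftime("%Y-%m-%d %H:00")
        name = user.lower()  # assumption: usernames are compared case-insensitively
        kind = "active" if name in active_accounts else "unknown"
        buckets[hour][kind][name] += 1
        buckets[hour]["ips"].add(ip)
    return dict(buckets)


def needs_immediate_alert(bucket):
    """Only attempts against accounts that exist justify an email right away."""
    return sum(bucket["active"].values()) > 0


def render(hour, bucket):
    """One summary line per hour, in the wording proposed in the post."""
    parts = [
        f"{count} attempts to login with the account: {name}."
        for name, count in bucket["unknown"].most_common()
    ]
    active_total = sum(bucket["active"].values())
    parts.append(f"{active_total} attempts to login with your active accounts.")
    return f"[{hour}] " + " ".join(parts) + f" ({len(bucket['ips'])} source IPs)"


if __name__ == "__main__":
    for hour, bucket in sorted(hourly_digest(SAMPLE_EVENTS, ACTIVE_ACCOUNTS).items()):
        flag = "ALERT " if needs_immediate_alert(bucket) else ""
        print(flag + render(hour, bucket))
```

Hours in which only non-existent usernames were tried collapse into a single line, while any hour that includes an attempt against a real account is flagged separately.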

    Plugin Contributor mbrsolution

    (@mbrsolution)

    @Max Beta, does the latest version work better for you?

    Plugin Contributor mbrsolution

    (@mbrsolution)

    I am marking this thread as resolved. No replies in 8 months.

    Thank you

  • The topic ‘Under attack!’ is closed to new replies.