[Resolved] iantresman (@iantresman)

    My Sucuri audit log is showing numerous entries of the format:
    08:55 john22 User authentication failed: john22

    There are about 120 log entries per minute, all from the same IP address in China. After about 1000 attempts, the attempts switch to a different user name. This suggests a brute force attack.

    1. How could they possibly know which user names to try, as I’ve told no-one?
    2. Can I automatically block an IP address after a certain number of failed attempts per minute?
    • This topic was modified 7 years, 11 months ago by iantresman. Reason: Format
Viewing 1 replies (of 1 total)
    How could they possibly know which user names to try, as I’ve told no-one?

    There is a URL in WordPress that receives a parameter where the value is a username. If the username exists, the page redirects to another part of the website. If the username doesn’t exist, it returns a “404 Not Found” HTTP status code. You can read more about this technique here [1].

    Can I automatically block an IP address after a certain number of failed attempts per minute?

    Yes, you can, but not with this plugin.

    There are some free and paid plugins out there that you can use to limit the number of login attempts on a WordPress website. There are better alternatives, like a firewall [2], if you want to be fully protected from all sorts of attacks. If you are only concerned about unwanted login attempts, you can give Fail2Ban [3] a try.

    [1] https://hackertarget.com/wordpress-user-enumeration/
    [2] https://sucuri.net/website-firewall/
    [3] https://codex.wordpress.org/BruteForceAttacks#Fail2Ban
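The reply points at Fail2Ban for the second question. The following is an added example, not code from the thread, the Sucuri plugin or Fail2Ban itself: it implements the same ban logic Fail2Ban applies (a `maxretry` failure count inside a sliding `findtime` window, then a `bantime` ban) over login-failure log lines. The line format is an assumption modelled on the entry quoted in the question, with a date and a source IP added so the per-IP count is possible; the sample log is constructed to mirror the question's scenario (about 120 failures per minute from one address) next to a legitimate user who mistypes twice, ten minutes apart. Real Sucuri audit lines differ and would need their own regex.

```python
"""
Added example: a minimal Fail2Ban-style rate limiter for WordPress login
failures. Replays log lines, counts failed logins per source IP inside a
sliding window (findtime) and bans the IP for bantime seconds once maxretry
failures fall inside that window.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line format (constructed for this example, not the real Sucuri format):
#   "2018-03-01 08:55:01 203.0.113.5 john22 User authentication failed: john22"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"(?P<user>\S+) User authentication failed: (?P<target>\S+)$"
)


def parse_line(line):
    """Return (timestamp, source ip, attempted username), or None for non-matching lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
    return ts, m.group("ip"), m.group("target")


class LoginJail:
    """Sliding-window failure counter with the same knobs as a Fail2Ban jail."""

    def __init__(self, maxretry=5, findtime=60, bantime=3600):
        self.maxretry = maxretry
        self.findtime = timedelta(seconds=findtime)
        self.bantime = timedelta(seconds=bantime)
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.banned_until = {}               # ip -> datetime at which the ban expires

    def is_banned(self, ip, now):
        until = self.banned_until.get(ip)
        return until is not None and now < until

    def record_failure(self, ip, now):
        """Register one failed login; return True if this failure triggers a ban."""
        if self.is_banned(ip, now):
            return False  # already banned; a real firewall would have dropped the request
        window = self.failures[ip]
        window.append(now)
        # Forget failures that have fallen out of the findtime window.
        while window and now - window[0] > self.findtime:
            window.popleft()
        if len(window) >= self.maxretry:
            self.banned_until[ip] = now + self.bantime
            window.clear()
            return True
        return False


def replay(lines, jail):
    """Feed log lines through the jail; return a list of (ip, timestamp) ban events."""
    bans = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, ip, _target = parsed
        if jail.record_failure(ip, ts):
            bans.append((ip, ts))
    return bans


def make_sample_log():
    """Constructed sample: one IP failing twice a second (about 120 per minute, as in
    the question) plus a legitimate user who mistypes twice, ten minutes apart."""
    start = datetime(2018, 3, 1, 8, 55, 0)
    lines = []
    for i in range(20):
        ts = start + timedelta(seconds=i // 2)
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S} 203.0.113.5 john22 User authentication failed: john22")
    for minutes in (0, 10):
        ts = start + timedelta(minutes=minutes)
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S} 198.51.100.7 alice User authentication failed: alice")
    lines.sort()  # timestamp prefix keeps chronological order
    return lines


if __name__ == "__main__":
    jail = LoginJail(maxretry=5, findtime=60, bantime=3600)
    for ip, ts in replay(make_sample_log(), jail):
        print(f"ban {ip} at {ts:%H:%M:%S} for {jail.bantime}")
```

With `maxretry=5` and `findtime=60` the attacking address is banned on its fifth failure, two seconds into the burst, and the remaining failures are ignored for the length of the ban, while the legitimate user's two failures never share a window and are never counted together. Fail2Ban does the same thing against the real log with `maxretry`, `findtime` and `bantime` set in its jail configuration and a filter regex in place of `LINE_RE`; the block-on-threshold logic is what this example shows.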


The topic ‘User authentication failed’ is closed to new replies.