Title: User authentication failed Last modified: July 24, 2018 --- # User authentication failed * Resolved [iantresman](https://wordpress.org/support/users/iantresman/) * (@iantresman) * [7 years, 11 months ago](https://wordpress.org/support/topic/user-authentication-failed-2/) * My Securi Audit log is showing numerous entries of the format: 08:55 john22 User authentication failed: john22 * There are about 120 log entries per minute, all from the same IP address in China. After about 1000 attempts, the attempt switches to a different user name. This suggests a brute force attack. 1. How could they possibly know which user names to try, as I’ve told no-one? 2. Can I automatically block an IP address after a certain number of failed attempts per minute? * - This topic was modified 7 years, 11 months ago by [iantresman](https://wordpress.org/support/users/iantresman/). Reason: Format - This topic was modified 7 years, 11 months ago by [iantresman](https://wordpress.org/support/users/iantresman/). Viewing 1 replies (of 1 total) * [yorman](https://wordpress.org/support/users/yorman/) * (@yorman) * [7 years, 11 months ago](https://wordpress.org/support/topic/user-authentication-failed-2/#post-10523883) * **How could they possibly know which user names to try, as I’ve told no-one?** * There is an URL in WordPress that receives a parameter where the value is an username. If the username exists, the page redirects to another part of the website. If the username doesn’t exists, it returns a “404 Not Found” HTTP status code. You can read more about this technique here [1]. * **Can I automatically block an IP address after a certain number of failed attempts per minute?** * Yes, you can, but not with this plugin. * There are some free and paid plugins out there that you can use to limit the number of login attempts on a WordPress website. There are better alternatives, like a firewall [2] if you want to get fully protected from all sort of attacks. If you are only concerned about unwanted login attempts, you can give Fail2Ban[ 3] a try. * [1] [https://hackertarget.com/wordpress-user-enumeration/](https://hackertarget.com/wordpress-user-enumeration/) [ 2] [https://sucuri.net/website-firewall/](https://sucuri.net/website-firewall/)[ 3] [https://codex.wordpress.org/BruteForceAttacks#Fail2Ban](https://codex.wordpress.org/BruteForceAttacks#Fail2Ban) Viewing 1 replies (of 1 total) The topic ‘User authentication failed’ is closed to new replies. * ![](https://ps.w.org/sucuri-scanner/assets/icon-256x256.png?rev=2875755) * [Sucuri Security - Auditing, Malware Scanner and Security Hardening](https://wordpress.org/plugins/sucuri-scanner/) * [Frequently Asked Questions](https://wordpress.org/plugins/sucuri-scanner/#faq) * [Support Threads](https://wordpress.org/support/plugin/sucuri-scanner/) * [Active Topics](https://wordpress.org/support/plugin/sucuri-scanner/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/sucuri-scanner/unresolved/) * [Reviews](https://wordpress.org/support/plugin/sucuri-scanner/reviews/) * 1 reply * 2 participants * Last reply from: [yorman](https://wordpress.org/support/users/yorman/) * Last activity: [7 years, 11 months ago](https://wordpress.org/support/topic/user-authentication-failed-2/#post-10523883) * Status: resolved