WordPress.org

Forums

Wordfence Security
[resolved] User locked out from signing in | Happening every 4 minutes (4 posts)

  1. CreativeRed
    Member
    Posted 1 year ago #

    Hi, for nearly the last 24hrs I have been getting these alerts and dont know what to do - they are happening every 4 minutes - I have received well over 200 alerts and still going:

    A user with IP address xxx.xxx.xxx.xx has been locked out from the signing in or using the password recovery form for the following reason: Used an invalid username 'admin' to try to sign in.
    User IP: xxx.xxx.xxx.xxx
    User hostname: xxx-xxx-xxx-xxx.abcdef.ghijkl.com.tw

    Help???

    CR xx

    https://wordpress.org/plugins/wordfence/

  2. asmaloney
    Member
    Posted 1 year ago #

    You can change the amount of time an IP is locked out for using a bad login name in the options. Login Security Options - Amount of time a user is locked out.

    For example, I have one site where I am the the only user, so I use the following:

    • Enforce strong passwords? - Force all members to use strong passwords
    • Lock out after how many login failures - 3
    • Lock out after how many forgot password attempts - 3
    • Count failures over what time period - 10 minutes
    • Amount of time a user is locked out - 60 days
    • Immediately lock out invalid usernames - true
    • Don't let WordPress reveal valid users in login errors - true
    • Prevent users registering 'admin' username if it doesn't exist - true

    On another site where I do have users, I use the following:

    • Enforce strong passwords? - Force all members to use strong passwords
    • Lock out after how many login failures - 3
    • Lock out after how many forgot password attempts - 5
    • Count failures over what time period - 10 minutes
    • Amount of time a user is locked out - 10 minutes
    • Immediately lock out invalid usernames - false
    • Don't let WordPress reveal valid users in login errors - true
    • Prevent users registering 'admin' username if it doesn't exist - true

    Hope that helps!

  3. Wordfence
    Member
    Plugin Author

    Posted 1 year ago #

    Thanks @asmaloney.

    @creativered you can disable those email alerts if you want to. We had a very big password-guessing attack over the weekend:

    http://www.wordfence.com/

    The attack as you can see has now stopped.

    Regards,

    Mark.

  4. CreativeRed
    Member
    Posted 1 year ago #

    Ahhhh, thanks so much to both of you!

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Wordfence Security
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic

Tags