WordPress.org

Support

Support » Plugins and Hacks » Wordfence Security » [Resolved] User locked out from signing in | Happening every 4 minutes

[Resolved] User locked out from signing in | Happening every 4 minutes

  • Hi, for nearly the last 24hrs I have been getting these alerts and dont know what to do – they are happening every 4 minutes – I have received well over 200 alerts and still going:

    A user with IP address xxx.xxx.xxx.xx has been locked out from the signing in or using the password recovery form for the following reason: Used an invalid username ‘admin’ to try to sign in.
    User IP: xxx.xxx.xxx.xxx
    User hostname: xxx-xxx-xxx-xxx.abcdef.ghijkl.com.tw

    Help???

    CR xx

    https://wordpress.org/plugins/wordfence/

Viewing 3 replies - 1 through 3 (of 3 total)
  • You can change the amount of time an IP is locked out for using a bad login name in the options. Login Security OptionsAmount of time a user is locked out.

    For example, I have one site where I am the the only user, so I use the following:

    • Enforce strong passwords? – Force all members to use strong passwords
    • Lock out after how many login failures – 3
    • Lock out after how many forgot password attempts – 3
    • Count failures over what time period – 10 minutes
    • Amount of time a user is locked out – 60 days
    • Immediately lock out invalid usernames – true
    • Don’t let WordPress reveal valid users in login errors – true
    • Prevent users registering ‘admin’ username if it doesn’t exist – true

    On another site where I do have users, I use the following:

    • Enforce strong passwords? – Force all members to use strong passwords
    • Lock out after how many login failures – 3
    • Lock out after how many forgot password attempts – 5
    • Count failures over what time period – 10 minutes
    • Amount of time a user is locked out – 10 minutes
    • Immediately lock out invalid usernames – false
    • Don’t let WordPress reveal valid users in login errors – true
    • Prevent users registering ‘admin’ username if it doesn’t exist – true

    Hope that helps!

    Plugin Author Wordfence

    @mmaunder

    Thanks @asmaloney.

    @creativered you can disable those email alerts if you want to. We had a very big password-guessing attack over the weekend:

    Wordfence WordPress Security Plugin

    The attack as you can see has now stopped.

    Regards,

    Mark.

    Ahhhh, thanks so much to both of you!

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘[Resolved] User locked out from signing in | Happening every 4 minutes’ is closed to new replies.
Skip to toolbar