Title: username empty attack Last modified: July 17, 2024 --- # username empty attack * Resolved [laellou](https://wordpress.org/support/users/laellou/) * (@laellou) * [1 year, 10 months ago](https://wordpress.org/support/topic/username-empty-attack/) * I have a lot of attacks * “This email was sent from your website “JDG” by the Wordfence plugin at Wednesday 17th of July 2024 at 09:26:25 AM A user with IP address 111.90.148.123 has been locked out from signing in or using the password recovery form for the following reason: Exceeded the maximum number of login failures which is: 3. The last username they tried to sign in with was: ”.The duration of the lockout is 4 hours.User IP: 111.90.148.123User hostname: server1.kamon.laUser location: Kuala Lumpur, Malaysia » * I have change the login page, * block the access on my CDN except for France for wp-admin, login.php and account/ lost-password and for my login page * XML-RPC is deactivated * So I don’t understand how is it possible and how is is possible that ” The last username they tried to sign in with was: ‘’. * Username is empty ?  * Could you help me ? * Best regards, * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fusername-empty-attack%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 2 replies - 1 through 2 (of 2 total) * Plugin Support [wfpeter](https://wordpress.org/support/users/wfpeter/) * (@wfpeter) * [1 year, 10 months ago](https://wordpress.org/support/topic/username-empty-attack/#post-17897224) * Hi [@laellou](https://wordpress.org/support/users/laellou/), * Largely speaking we would say having a large amount of activity attempting to access a WordPress website is a fairly normal occurrence. We generally believe a manual blocking regime is unnecessary, but you can attempt permanent blocks if you’re concerned about site speed or resources. If it’s not really affecting legitimate users and their experience on your site, they may not need to be permanently blocked and you can leave Wordfence to just continue dealing with them in real- time. * However, in the specific case of why precisely a Malaysian IP is trying to log in when you’ve taken steps to block other countries using a CDN is down to the accuracy or strictness of that setting. Whilst I was unable to access your website from an IP registered in the USA, I **was** able to access the site from IPs registered in [Malaysia](https://whatismyipaddress.com/ip/146.70.15.18), amongst a few others. * Many thanks, Peter. * [generosus](https://wordpress.org/support/users/generosus/) * (@generosus) * [1 year, 9 months ago](https://wordpress.org/support/topic/username-empty-attack/#post-17910203) * Hey [@laellou](https://wordpress.org/support/users/laellou/), * As [@wfpeter](https://wordpress.org/support/users/wfpeter/) suggested, check your CDN WAF (country blocking) rule to make sure it’s set up properly. Also, keep in mind your CDN could have been temporarily disabled (i.e., in development mode) when that event occured. * At our end, we’re blocking Malaysia using a [Cloudflare WAF rule](https://prnt.sc/VmNf5DLfRXLB) with no issues. * Let’s be thankful Wordfence is doing a great job to protect our sites. * If satisfied with the above, please close this topic as “**Resolved**.” * Thank you! * ———————– * **Note:** Please consider upgrading to [Wordfence Premium](https://www.wordfence.com/products/pricing/) which allows you to block Countries and many other bad actors. Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘username empty attack’ is closed to new replies. * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865) * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/) * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq) * [Support Threads](https://wordpress.org/support/plugin/wordfence/) * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/) ## Tags * [attack](https://wordpress.org/support/topic-tag/attack/) * [brute force](https://wordpress.org/support/topic-tag/brute-force/) * 2 replies * 3 participants * Last reply from: [generosus](https://wordpress.org/support/users/generosus/) * Last activity: [1 year, 9 months ago](https://wordpress.org/support/topic/username-empty-attack/#post-17910203) * Status: resolved