
Need help - Brute Force Login Attempts

Discussion in 'Programming' started by Jenova, Jun 14, 2017.

  1. Jenova

    One of my WP based websites gets daily brute force login attempts according to my loginizer plugin logs and lockout emails. Does anyone have any advice on additional measures I could take to at least lessen the frequency of these? Thank you!
     
  2. Sophie

    Configure your loginizer's lockout time to 99999 (infinite or for long periods of time). Then set a maximum of just 2 attempts before being locked out.

    Also, you can blacklist that IP that is trying to brute-force entry.

    Alternatively, just rename your wp-login.php to wp-login.ph_ or something... then when you want to log in, just rename it back to wp-login.php.
     
  3. LostLife

  4. Jenova

    Wow! Awesome reply. I really appreciate you being so thorough and am making the changes now. Thank you!
     
  5. Jenova

    I didn't do that at first because it always seems to be different IPs and I don't really make time to work on that site every day. I guess I will have to. Thanks for taking the time to advise.
     
  6. Alanfort

    It's probably automated; just make sure you have the latest version plus some security plugins. Bots are crawling and attempting to log in all the time with dictionary-based attacks. Also, I would suggest changing the wp-login entry point to something like mycustomlogin.php.
     
  7. LostLife

    No, the IP ban is automated. You don't have to do it manually. You can use fail2ban. You can find them on that WordPress link.
     
  8. Jenova

    I did not know that! This is the best forum in the world.
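
The automated IP ban mentioned in post 7 comes down to counting failed logins per IP inside a time window, which also copes with the attempts arriving from many different IPs. This is an added example, not part of the thread and not fail2ban's own code: the parameter names `maxretry` and `findtime` mirror fail2ban's options, the log lines are constructed, and it assumes a failed WordPress login is a POST to wp-login.php answered with HTTP 200 while a success redirects with 302.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample access-log lines (combined log format, documentation IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [14/Jun/2017:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1723
203.0.113.7 - - [14/Jun/2017:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 1723
198.51.100.9 - - [14/Jun/2017:10:00:04 +0000] "GET /wp-login.php HTTP/1.1" 200 1502
203.0.113.7 - - [14/Jun/2017:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 1723
198.51.100.9 - - [14/Jun/2017:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 302 0
192.0.2.44 - - [14/Jun/2017:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 1723
192.0.2.44 - - [14/Jun/2017:10:20:00 +0000] "POST /wp-login.php HTTP/1.1" 200 1723
192.0.2.44 - - [14/Jun/2017:10:40:00 +0000] "POST /wp-login.php HTTP/1.1" 200 1723
"""

# Only POSTs to the login script count; GETs just load the form.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"POST /wp-login\.php[ ?][^"]*" (?P<status>\d{3}) '
)

def find_bans(log_text, maxretry=3, findtime=600):
    """Return {ip: timestamp of the request that triggered the ban}.

    An IP is banned once it has `maxretry` failed logins within `findtime` seconds.
    """
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    bans = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        # Assumption: status 200 on a login POST means the form was re-shown (failure).
        if not m or m["status"] != "200" or m["ip"] in bans:
            continue
        now = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        window = recent[m["ip"]]
        window.append(now)
        # Drop failures that have aged out of the sliding window.
        while (now - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            bans[m["ip"]] = now
    return bans

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} (threshold reached at {when.isoformat()})")
```

With the defaults, the slow attempts from 192.0.2.44 stay under the threshold; widening `findtime` is what catches low-and-slow guessing.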