1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Seeing failed Wordpres log ins that are not me

Discussion in 'White Hat SEO' started by crsx1, Dec 23, 2014.

  1. crsx1

    crsx1 Newbie

    Joined:
    Aug 8, 2014
    Messages:
    46
    Likes Received:
    0
    Hey guys. I have the free Wordfence plugin and it always emails me when I log on, but recently starting last night I've noticed that there have been attempts to log into my site that are not me. They are using 'admin' as the username which won't get them too far. Are there any steps to take to eliminate log in attempts like this or are they normal? The failed log ins get locked out after 20 and I get notified of that.
     
  2. whynotmakeit

    whynotmakeit Power Member

    Joined:
    Feb 26, 2012
    Messages:
    550
    Likes Received:
    284
    Very common these days and they seem to come and go in waves. Set the lock out settings lower if it makes you feel better, but not having admin is a great start....and having a great password....
     
    • Thanks Thanks x 1
  3. Zwielicht

    Zwielicht Moderator Staff Member Moderator Jr. VIP

    Joined:
    Aug 31, 2013
    Messages:
    7,135
    Likes Received:
    12,587
    Gender:
    Male
    Occupation:
    Reaper
    Location:
    Riverside, California
    Home Page:
    It looks like someone is trying to brute force their way into your website. I'm assuming you have a plugin such as Login Lockdown since you said they get locked out after 20 attempts. I had someone try to do this to one of my websites about 3 months ago, so I just set the login attempt limit to 3.

    Another great plugin you could use is Rename wp-login.php. It intercepts the request for the WP-Login.php and the WP-Admin.php file (rendering WP-Login and Wp-Admin inaccessible) and allows you to access your Wordpress dashboard from a different file name. Since I've installed both of these plugins, I haven't had anyone attempt to brute force their way into my website.
     
    • Thanks Thanks x 3
    Last edited: Dec 23, 2014
  4. J-S-T

    J-S-T Jr. VIP Jr. VIP

    Joined:
    Jul 27, 2013
    Messages:
    1,252
    Likes Received:
    624
    Gender:
    Male
    Location:
    Fb and BHW
    I am using Wordfence Security Plugin and Limit login attempts, Both are free and works great.

    The above suggestion is also good.

    This is Normal, Do not worry.
     
    • Thanks Thanks x 1
  5. upstarter

    upstarter Regular Member

    Joined:
    Apr 29, 2014
    Messages:
    333
    Likes Received:
    46
    Why did you set the lockdown limit to 20? Set it to 5 or 3 attempts and a lockout time of 24 hours.
     
    • Thanks Thanks x 1
  6. workshopper

    workshopper Newbie

    Joined:
    Dec 23, 2014
    Messages:
    12
    Likes Received:
    2
    Yes, don't have anything default. Changing your username as well as password simply makes everything difficult for them.
     
  7. crsx1

    crsx1 Newbie

    Joined:
    Aug 8, 2014
    Messages:
    46
    Likes Received:
    0
    Good info guys. Yes it was set at 20 by default and I never had any problems until recently so I'm addressing them. Of course my username isn't admin so any brute force login is a lot tougher. Wordfence seems to have a lot of options for logins and lockout stuff which I've tightened up. dang hackers.
     
  8. SharkServers

    SharkServers Jr. VIP Jr. VIP

    Joined:
    Jun 29, 2014
    Messages:
    418
    Likes Received:
    194
    Occupation:
    Web Hosting
    Location:
    DMCA? Pff! www.SuckMyBallsDM.CA
    Home Page:
    You would be surprised how many bruteforce attempts there are, even on systems that are not advertised publicly (say, private file server that nobody knows about). It's just automated tools that script kiddies use to try and get in. It could be that it's not even you being targeted - they might be trying to break into everything their script has in its way. As others already mentioned - as long as you don't use the default username and some very simple passwords, it would be extremely hard, if not nearly impossible for someone to get in by bruteforce alone. If you find those failed login attempt notifications annoying, do as someone already mentioned and change the location of the login script to another name.
     
  9. sysco32

    sysco32 Jr. VIP Jr. VIP

    Joined:
    Feb 5, 2014
    Messages:
    607
    Likes Received:
    226
    Location:
    Skopje/Pecs
    You will be surprised by the hacking amounts daily.As long as you see that they are trying you are fine,when it stops...I had the same with wordfence/very difficult password,not saved anywhere,virus - malware-trojan free system etc/ They were trying so much that at the end they managed to break into my site and created another 2 admins.
    That was the end of wordfence for me :)