Need Clarification on Blocking

  • Resolved pao2

    (@pao2)


    4 years, 4 months ago

    When WF blocks/locks out an IP for wp-login.php brute force, does it:
    1. Prevent said IP from attempting further brute force on wp-login
    2. Prevent said IP from even accessing wp-login according to the specified lock out duration

    If #2 is true, then why does WF still log subsequent brute force attempts by said IP within the lock out duration, which consequently still increase server load (the attempts, not the logging)?

    Can someone shed a light on this?

    Can the blocking/lock out method be used to limit access to wp-login page completely (within lock out duration ofc), so further hits/attempts would not be possible unless we unblock the IP?

Viewing 1 replies (of 1 total)

  • That’s a great question but there is something that you need to understand.
    No plugin, server firewall, or anything short of physically going to the location sending the request and disconnecting them from the internet will prevent an IP address from being able to try to get to your site.
    All anyone can do is mitigate the impact of the attempts. Our block page is purposely designed to limit the amount resources required to do so. Further, if you are running the firewall in Extended Protection mode by optimizing it it loads before your site does, further reducing any load it might add to the site since WordPress, your theme, and all your other plugins never are not loaded when the IP is blocked.

    I hope this helps answer your question.

    Tim

Viewing 1 replies (of 1 total)
  • The topic ‘Need Clarification on Blocking’ is closed to new replies.