Failed login attempt with “admin” although instantly lockout is in place

  • Resolved cesare2016

    (@cesare2016)


    1 year, 6 months ago

    I can see numerous failed login attempts in the Audit Log with “admin” (Failed login attempt with a unknown username: admin) although instantly lockout is triggered with admin. I tested it it works.

    But how are these attempts possible then?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support aporter

    (@aporter)

    Hi,

    So the first attempt to login before they are blocked will be recorded, all attempts after that are instantly locked out and no event gets recorded.

    The different attempts should be from different IP addresses and each address should automatically be blocked and appear in your locked IP address table.

    Best Wishes,

    Ashley

    Thread Starter cesare2016

    (@cesare2016)

    Sorry I forgot to say that I have the Cookie based brute force login prevention in place, so there is no known url that hackers can reach.

    So I still wonder where these login attempts come from…

    • This reply was modified 1 year, 6 months ago by cesare2016.
    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @cesare2016

    XML RPC call of wp_getUsersBlogs is trying to authenticate the user that might be the issue.

    WP Security > Firewall > Basic firewall rules tab > Completely block access to XMLRPC , Disable pingback functionality from XMLRPC Please check both and Save.

    Regads

    Thread Starter cesare2016

    (@cesare2016)

    Ok. Thanks. I just switched both on. We’ll see if that works. Will keep you posted.

    Thread Starter cesare2016

    (@cesare2016)

    Thanks. That seems to have worked so far.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Failed login attempt with “admin” although instantly lockout is in place’ is closed to new replies.