Bruce Force Attacks Protection Doesn’t Work

  • Hi there.

    We’ve enabled Wordfence and although the brute force attack protection options are enabled and set correctly, they are not effective at all. And no “blocked logins” are displayed in dashboard or logs. The “hide invalid login” and such features don’t work neither. None of them actually.

    So, I am guessing that somehow Wordfence is not actually breaking into the /wp-login.php login to intercept the requests correctly. Is there some additional configuration that needs to be done to make it work?

    If not, what else could I check to diagnose what it is going on here? Why logins via /wp-login.php are not being correctly intercepted by Wordfence?

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @jonathanvargasr, thanks for reaching out.

    If your Brute Force Protection toggle is set to “ON”, then the site should observe your rules on how many failures and attempts the user is allowed before they’re blocked, and how long they’re locked out for. We generally recommend trying somewhere around?3-5?for login attempts and forgotten passwords in?Wordfence > All Options > Brute Force Protection, counted over?4 hours, with a?30 minute lockout. Is the “hide invalid login” referring to “Don’t let WordPress reveal valid users in login errors”?

    You can test this by accessing your login page from a mobile device (disconnected from wifi, using mobile data, to prevent your other devices being locked out too) and trying to break those rules. If you receive a Wordfence-branded block page as a user then you should also see the event logged in Live Traffic afterwards. You can always unblock your mobile device from the Wordfence > Firewall > Blocking page so you don’t have to wait until the lockout time has elapsed.

    If that doesn’t work and you don’t wish to make your domain public on here for us to test, you could send us a diagnostic as we’ll be able to see it from there. Visit the?Wordfence > Tools > Diagnostics?page. You can send the output to us at?wftest @ wordfence . com. Click on?“Send Report by Email”. Please add your forum username where indicated and?respond here after you have sent it.

    NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

    Thanks,
    Peter.

Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.