Pag ibig jili login app download apk.REGISTER NOW GET FREE 888 PESOS REWARDS!

Resolved sweetmelody
(@sweetmelody)

11 years, 1 month ago

Within 30 days, my site has experienced 4 rounds of of brutal force attack to wp-login.php, beside the auto login lockdown feature provided by BPS, what else can I do with BPS to safeguard the site?

The hacker is very smart, I don’t know how he detected the 1st & 2nd registrant of the website. All the while, both are targeted.

Please help, this is very scary.

Thanks.

https://www.ads-software.com/plugins/bulletproof-security/

Viewing 4 replies - 1 through 4 (of 4 total)

loafintree
(@loafintree)

11 years, 1 month ago

Limit Login Attempts is excellent at stopping brute force attacks by locking out the IP after a specified number of failed login attempts. Many hackers will now just use another IP address but if you set it to 3 tries before lockout, it will help a lot.

Wordfence Security update today:

“As of 11am eastern time this morning we are monitoring the largest distributed brute force attack on WordPress installations that we’ve seen to date. The real-time attack map on https://www.wordfence.com became so busy that we’ve had to throttle the amount of traffic we show down to 4% of actual traffic.”

Plugin Author AITpro
(@aitpro)

11 years ago

Yes, we have been noticing an increase in Brute Force activity on the internet for a week or so. See “Other Things to protect publicly displayed usernames” below for some additional things you can do.

No big deal and business as usual for us. BPS Login Security has been easily protecting against and blocking 300,000+ Brute Force attacks per month on ours sites since last April – 10 months – without breaking a sweat and without causing any unnecessary website/Server resource drain.

Limit Login Attempts is not bad, but BPS Login Security is of course better. We looked at what all the other Login Security plugins were doing before we created BPS Login Security. BPS Login Security takes the best concepts and methods, has/uses new concepts and methods and leaves all the other useless things behind. Efficient, powerful and simple. Sounded like a commercial there for a second. LOL ??

Other Things to protect publicly displayed usernames
Here are some other things you can do to protect against hackerbots and spambots.

https://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/
https://forum.ait-pro.com/forums/topic/user-account-locked/
https://forum.ait-pro.com/forums/topic/revealing-the-admin-or-editor-user-name-and-not-knowing/
https://forum.ait-pro.com/forums/topic/wordpress-author-enumeration-bot-probe-protection-author-id-user-id/

Thread Starter sweetmelody
(@sweetmelody)

11 years ago

Thanks @loafintree for sharing the info, at least I don’t feel alone in this aspect.

BPS, you always shine like a superhero, keep it up!

Plugin Author AITpro
(@aitpro)

11 years ago

Yep, Brute Force Attacks are a regular thing on the Internet and there are surges of increased attacks from time to time.

As you can see from this Sucuri post last year, Brute Force attacks are an ongoing thing these days on the Internet.
Important note: Brute Force attacks are not only launched against WordPress and are launched against any site types that have a database login: WordPress, Joomla, etc…
https://blog.sucuri.net/2013/04/mass-wordpress-brute-force-attacks-myth-or-reality.html

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Brutal Force Attack on wp-login.php’ is closed to new replies.