Viewing 5 replies - 1 through 5 (of 5 total)
  • I have been getting wordfence alerts for the last 3 days about username ” ” being blocked from logging in. I tried using plugins to rename the login page URL but they didn’t work. Today I upgraded to the just released Wordfence upgrade and the alerts have stopped. I saw that it includes a fix that stops lockout alerts for ” ” username. Does this mean that it was a bug and I can breathe easy?

    Your site was being targeted by a Botnet.
    We routinely ban (IP rules/htaccess) ALL traffic from almost all the former USSR states, web servers, bad hosts etc…
    (I can make the list available – but note that it’s very aggressive so many may find it too restrictive.)
    And are always finding more bad sources – often from the WordFence alerts. Basically if someone tries to login with a fake username – that IP gets checked and quite often the host CIDR is banned, permanently.

    No, wasn’t a WordFence bug – was just the way WordFence works – hopefully it still works this way (I for one WANT to know when anyone tries to login, even if with a blank username) or I’ll be backdating to an earlier version…

    I don’t understand why Wordfence would stop alerting us if there’s a botnet attack? I too want to know about them.

    I’d rather not add strict rules to htaccess if I can help it. The last time I did that there were false positives and I had to remove over half the rules.

    I don’t think they stopped the alerts, but just fixed the blank usernames so they now reflect the actual attempted username. The ” (blank) entries have stopped on my sites and am back to ‘admin’ and others.

    Yes, that’s what I meant. But the blank usernames are legitimate attacks, right? I was only getting those alerts before the fix so now I don’t get any.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Multiple failed logins’ is closed to new replies.