Wordfence doesn't block brute force attacks

Try enabling the javaScript Console on the scan page and refreshing. If you see any errors in red paste them here. Also set the max execution time to 20 (near bottom of options page).

tim

Thanks for the reply.
I tried to enable Javascript Console on the scan page but no errors were found.
Also the last scan as I can see has finished successfuly since an hour ago which I think it was not finishing yesterday because of the last update you made (btw even before update scans sometime doesn’t finish).
Again I see in the logs that someone probably a botnet is accessing admin-ajax.php too frequently which I think has a relation with the issue that caused WF to never finish/start scans.
Anyway, I’m still unable to get WF to block IPs/brute forcers automatically.

Can we see a screenshot of your options page? Remember to blank out your key and email.

tim

Hi!

I have the same Problem here. There is a bruteforce attack running atm. Live Traffic does not show it in “All Hits”, but in “Logins and Logouts”.

WF doesnt block the IP.

Regards
Volker

I had a similar issue, seems many brute-force attacs tries to verify credentials through XMLRPC and not the regular login. This means they do get logged in Wordfence log as failed login attempts, but they won’t be banned according to any rules set.

I made a quickfix that I pasted in the thread “Feature request: Add support for XMLRPC attacks” if that’s any help, thought it requires modifying wordfence files.

Hi WFSupport
I don’t know exactly which options you want but here’s the full options page.
https://img11.hostingpics.net/pics/393637331.png
https://img11.hostingpics.net/pics/804202322.png
https://img11.hostingpics.net/pics/547723473.png
https://img11.hostingpics.net/pics/836000834.png
https://img11.hostingpics.net/pics/147447415.png
Thank You !

Also I agree with Stingray!
Please add the ability to block xmlrpc brute force attacks.

Thank you everyone for the additional details, we will look into this further.

WFMattR Great News Thanks!
Btw WFSupport, I just found out that scans are starting remotely rather than internally while the “start scans remotely” option is unchecked as you can see from the screenshots given above.
Does WF changes this option automatically when something goes wrong even if the option is kept unchecked or the options changes are not being saved?

I have the same issue.

Altough they are trying for days and they dont get in so far.

But I have set the rules do immediately block if someone tries to log in with admin or test ( they are using this for days now ) but they dont get locked out or blocked as far as the Wordfence page tells me?

Only if I block the IP manually I can see it is blocked.

This does not seem to be normal?

Yes only when you Block IP manually you can see it blocked otherwise no records in lockouts page.
Weird isn’t it?

My host just informed me that my site is under attack too and Worsfence isn’t picking up on it.

Did You set Wordfence to alert you by e-amail and set the desired rules for Wordfence?

I had a different issue yesterday – I got an alert from Wordfence in email that an IP was locked for too many failed login attempts. So I went to my dashboard, looked in my Wordfence options, and it said no IPs locked for failed login attempts. I had to go find it and block it manually. It was clearly someone trying to figure out how to get in, 20 attempts, the last attempt was using “admin” as the username.