Attempted logins from hosting companies

  • Resolved lvthm

    (@lvthm)


    1 year ago

    Hi, I’ve had the AIOS plugin activated on my site for a while and used to get little to no attempted login notifications. Recently, I’ve started to receive a lot of attempted login notifications. I renamed the login page, enabled captcha, etc., but this seemed to make it even worse somehow. The notifications are still coming through and I’m worried they might log in and inject malware as one of them tried a ton of times with my correct username. All of the attempted logins are from hosting companies. Probably bots, but I find this quite strange? They use a different IP address with each attempted login. I do have Cloudflare activated on my site. Could Cloudflare be the cause? If so, how can I fix this security issue? Any help/advice will be greatly appreciated.

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support aporter

    (@aporter)

    Hi,

    Sorry about the delay.

    Is the login page cached? I’ve had a look at your site and can’t find any login pages and can see the default wp-login has been renamed.

    Can you confirm that the captcha appears on your login forms?

    You could also try turning on login lockout to block the IPs who fail with multiple attempts.

    Best Wishes,

    Ashley

    Thread Starter lvthm

    (@lvthm)

    Hi Ashley,
    Thank you so much for getting back to me!
    The login page is excluded from caching only in the cache plugin that I use. My hosting provider told me that they cannot disable server cache for the renamed login page without upgrading. I am not sure if this is a problem.

    Thankfully, my hosting provider seems to have resolved the bot login issue. For anyone who wants to know what to ask your hosting provider to do to help: they said they added a few “deny from” rules in my .htaccess file to try and ensure my account is not wasting processes on bots. So far, this seems to be have stopped the constant attempted logins. Thank you once again.

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @lvthm

    Glad to know issue is solved,

    It seems your hosting provider might have denied access from certain IPs.

    If still any issue with invalid login attempt, Please make sure you have below options on. You also can cross check in Audit log Failed login is not XML RPC call of wp_getUsersBlogs in stack trace.

    WP Security > User login > Login lockout tab – Enable login lockout tab with option lockout invalid usernames.

    if stop user enumeration not on It might be the reason your admin username exposed – WP Security > Miscellaneous > User enumeration tab check there

    XML RPC call of wp_getUsersBlogs is trying to authenticate the user. – WP Security > Firewall > Basic firewall rules tab > Completely block access to XMLRPC , Disable pingback functionality from XMLRPC Please check both and Save.”

    Regards

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Attempted logins from hosting companies’ is closed to new replies.