• Resolved multiplicity

    (@multiplicity)


    I’ve renamed my user account and deleted the original account named ‘admin’.

    I’d like Wordfence to permanently block the IP addresses behind all attempted logins as ‘admin’. None of the current features will automatically block these, even temporarily.

    There are over a hundred login attempts as ‘admin’ an hour. Since I know all of them are fake (there is no ‘admin’) I’d like to auto-block them, and make it permanent.

    Any tips or hacks? If not, Wordfence, you might want to make this a premium feature. Tell me and I’ll subscribe.

    https://www.ads-software.com/extend/plugins/wordfence/

Viewing 15 replies - 1 through 15 (of 41 total)
  • This would be an awesome feature. This week my sites have been hit heavily with admin login attempts.

    Mark, I’m adding my vote for multiplicity’s suggestion!

    I haven’t seen an auto-block on the other security plugins I’ve tried, and I think it would be an outstanding, time-saving addition to Wordfence. If it’s possible to do, pretty-please consider adding it.

    Rather amusingly, I came here specifically to ask for this, and it happens someone else has already posted about it. I was sitting there, scanning down the list for the word admin and clicking “block” over and over and over. After about 5 minutes I realized this is something that should only take me one or two clicks. Either a check box next to each entry in the Live Traffic and a bulk action block button (which may be the quick fix solution), or an auto-block of any IP that tries to log in with a definable list of login names. Like Multiplicity has done, I have also removed the “admin” account, and have seen attempts to log in as manager, qwerty, sysadmin, aaa, test, support, user, administrator, admin1, and root (that’s just from a quick glance at today’s list).

    Wordfence is awesome, I absolutely love it, you guys and gals have done a great job with it. Thank you very much.

    There is an option in Wordfence to automatically block attempts to login with an unknown user. Wouldn’t that take care of the problem?

    Good stuff… I’d love this feature too. The trouble with the blocking of all unknown users is that sometimes people make typos then get erroneously blocked out… having a blacklist like “admin” “editor” “moderator” etc… would be super helpful.

    Seems a new tactic is out today…. I’m getting a new IP trying to access “admin” every 2 or 3 seconds… from a completely different country every time. Blocking is no use!

    Blocking “admin” really ought to just be default (until these jokers figure out something else)

    I’m putting my vote in for this as well.

    None of the sites I build (60+) ever use an “admin” user. If someone tries it, they should be forever banned.

    I’m also seeing a fair number of “administrator” and “adminadmin” users.

    I’ve increased the block time to 60 days on those sites which only have a few legal users. Still, I’d rather just see them all go straight to the bit bucket.

    Being hit today with admin attempts as well – any ideas?

    Wordfence allows you to immediately lock out invalid usernames. Recently they added the feature “Prevent users registering ‘admin’ username if it doesn’t exist” which I am glad for. However, my block list is heavy… I get hits for admin, adm, administrator, adminadmin, manager, user, … When a brute force attack comes across my sites, just blocking invalid usernames makes the block list long and cumbersome. I wish I could get the User-Agent function to work… However, for now I block all these invalid user names for 2 days and then release them. If, during those 2 days, I’m constantly attacked by a temporarily blocked IP address (it shows you how many times a blocked IP attempts to break in whilst blocked), then I block them permanently.

    Typically, if one of my sites is attacked, then the rest will also get attacked because most of my sites are on the same server. So letting your host know where most of the attacks are coming from allows your host to block out a country either temporarily or on a more permanent basis. This helped me last week when I was attacked by Ukraine, Federation of Russia, Romania, Iran and China.

    Today is a far different list.

    I’m putting my vote in for this as well.

    Plugin Author Wordfence Security

    (@mmaunder)

    Hi All,

    We already have a feature that lets you “Immediately lock out invalid usernames”.

    The idea is that you create a new admin account with a different username, delete the old admin account, and if anyone tries to sign in with admin or any other invalid username they’re immediately blocked.

    Please let me know how you’d like this feature changed, if at all and I’ll get it taken care of.

    Regards,

    Mark.

    Plugin Author Wordfence Security

    (@mmaunder)

    PS: The blocks that are created when you “Immediately lock out invalid usernames” are not permanent, but I don’t recommend permanent blocks because most IP addresses on the Net are dynamic so you’ll end up blocking a good guy when the baddie gets assigned a different IP.

    Regards,

    Mark.

    Thanks Mark

    I think I’d also like control of being able to manage the invalid usernames that fence is supposed to be blocking. I’m seeing a LARGE uptick in the amount of ADMIN user names making an attempt to log in. I don’t believe that the FENCE is stopping them or they would not change their IP and try it again.

    At the very least I’d like to see some kind of block being able to get set up and controlled by the administrator to not allow that IP access for x period of time. And it be shown somewhere that this is working with a list of IPs blocked and usernames.

    pavelcz1982

    (@pavelcz1982)

    I vote for this as well, as “Immediately lock out invalid usernames” doesn’t work! For instance I don’t have an admin user and I had a few attempts from the same IP address as admin user with no lockout.

  • The topic ‘Block IPs of all 'admin' logins’ is closed to new replies.
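
The policy discussed in this thread, sketched as an added example (it is not Wordfence code and not from any poster): a denylist of usernames that do not exist on the site triggers an immediate temporary block, typos of real accounts do not, and an IP that keeps knocking while blocked is flagged for review rather than banned forever. The function name, thresholds and sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Usernames reported by posters in the thread. None of them is a real account
# on the (hypothetical) site, so an attempt with one cannot be an owner's typo.
DENYLIST = {"admin", "adm", "administrator", "adminadmin", "admin1",
            "manager", "root", "test", "user", "support", "sysadmin"}
BLOCK_FOR = timedelta(days=2)   # temporary block length one poster describes

def evaluate(events, valid_users, escalate_after=20):
    """Replay login attempts and return the resulting block table.

    events: (iso_timestamp, ip, username) tuples in time order.
    valid_users: lower-cased usernames that really exist on the site.
    escalate_after: assumed number of hits while blocked before review.
    """
    blocks = {}
    for ts, ip, username in events:
        now = datetime.fromisoformat(ts)
        entry = blocks.get(ip)
        if entry and now < entry["until"]:
            # Still blocked: count the hit so persistent sources stand out.
            entry["hits_while_blocked"] += 1
            entry["review"] = entry["hits_while_blocked"] >= escalate_after
            continue
        name = username.strip().lower()
        if name in DENYLIST and name not in valid_users:
            # Temporary, not permanent: addresses get reassigned to other people.
            blocks[ip] = {"until": now + BLOCK_FOR,
                          "hits_while_blocked": 0, "review": False}
        # Any other unknown name (for example a typo of a real account) is
        # left to ordinary failed-login rate limiting.
    return blocks

# Constructed sample events using documentation-reserved IP ranges.
SAMPLE = [
    ("2024-01-12T10:00:00", "203.0.113.7", "admin"),
    ("2024-01-12T10:00:03", "203.0.113.7", "admin"),
    ("2024-01-12T10:00:05", "198.51.100.23", "jsmtih"),   # typo of "jsmith"
    ("2024-01-12T10:01:00", "192.0.2.44", "Administrator"),
    ("2024-01-12T10:02:00", "203.0.113.7", "root"),
    ("2024-01-15T09:00:00", "192.0.2.44", "jsmith"),      # block has expired
]

if __name__ == "__main__":
    for ip, info in evaluate(SAMPLE, {"jsmith"}, escalate_after=2).items():
        print(ip, info["until"].isoformat(), info["hits_while_blocked"], info["review"])
```
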