Blocking repeated malicious login attempts

  • Yesterday and last night, someone was trying to login to one of my sites repeatedly. They were using a nonexistent user name for each of these attempts.

    Normally, his happens every once in a while (not repeatedly as it was yesterday) and I’ll get notified via email and then go and manually block the IP.

    In the case of this attack(?) I just couldn’t keep up. I was literally getting like 40 email notifications at once. This morning I had over 100 waiting in my inbox.

    Thankfully it has stopped, but I had a question about Wordfence functionality. It’s my understanding that failed login IPs are not blocked automatically, something that would have been really handy in this instance, although they are locked out based on my settings. On this site, someone is locked out for 6 hours after 5 failed attempts.

    I’m wondering if there’s a way to automatically block the IPs, so I can just be sure I don’t have to worry about these particular IPs again?

    https://www.ads-software.com/plugins/wordfence/

Viewing 1 replies (of 1 total)

  • My opinion is that it isn’t worth the time to block specific IPs. They usually change. And if they’re hammering away at invalid usernames, they’re not going to make any headway.

    I bump up the login lockout time to 30 days and leave it alone. I don’t even bother with email alerts of failed logins.

Viewing 1 replies (of 1 total)
  • The topic ‘Blocking repeated malicious login attempts’ is closed to new replies.