Brute Force protection doesn't appear to work

  • I’ve got over seven (7) pages of attempts on one of my sites with attackers using the same IP trying to login using “admin”. I’ve had the brute force, “Automatically ban “admin” user” selection checked since day one.

    It would appear that this feature isn’t working. Moreover, since they should also be triggering either the “Max Login Attempts Per Host” or the “Max Login Attempts Per User” (which are both set at “4”) it would appear that this isn’t working either.

    Now I’m more than happy finding out that I’m misunderstanding this feature and perhaps even my logs, but, right now I’m pretty worried that this software isn’t doing even the basics.

    Anyone have any ideas?

    https://www.ads-software.com/plugins/better-wp-security/

Viewing 2 replies - 16 through 17 (of 17 total)

  • 3 months ago and the plugin author reported here:
    “I’ve spoken with the developer, and forwarded your emails to him. We’ve tried to replicate this, and just can’t do it. I’ll speak with him to see if there’s anymore information we can use and correspond with you through the bug report.”

    I’ve got several WordPress installs with this plugin activated along with the “ban anyone attempting to login as admin” block checked… Those installs continually have repeated attempts – from the same IP address blocks – and they continually show up again and again. This is an ongoing problem that doesn’t seem to have any possible resolution. I’m close to simply assuming that IPthemes security (formerly Better WP Security) simply isn’t working like it’s been advertised. I would suggest anyone using it to seriously consider simply dumping this plugin for something else. I’m in the process of switching all my installs over to Wordfence. I’m tired of seeing notices of more and more attempted logins from the same IP addresses that this does nothing to address.

    As others have asked for recommendations? Switch security plugins, and do it soon… This one simply doesn’t provide what it says it will.

    I deleted the plugin and reinstalled it. Back to all features working. The time limit for too many bad logins wasn’t working. This seems to have fixed the issue.

Viewing 2 replies - 16 through 17 (of 17 total)
  • The topic ‘Brute Force protection doesn't appear to work’ is closed to new replies.