Brute force protection not blocking IP
Hello,
I have noticed a brute force attack on wp-login.php (high load > access.log) and so I have installed the Wordfence plugin. The attacker's IP was not blocked by WF after many unsuccessful login attempts. This looked to me like the brute force protection isn't working.
I also used WPScan to make an aggressive brute force attack on my site:
ruby wpscan.rb --url domain --wordlist 10_million_password_list_top_1000000.txt --username test
After 15 min and 5259 / 1000000 failed logins, the IP still wasn't blocked by WF. Username "test" was added to the "Immediately block the IP of users who try to sign in as these usernames" list. When using the "test" username in the brute force attack, the IP still wasn't blocked.
After this I did a few manual login attempts over the wp-login.php form. When using username "test" my IP was blocked immediately. Also when I tried to log in with a wrong password 3 times as another user.
So… my conclusion is that brute force protection works with manual logins using the form, but not with direct POST HTTP requests on wp-login.php. Of course there should be no difference. Am I missing something here?
Kind Regards, Jure.
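The post above spotted the attack in access.log before any plugin was involved, and in the web server log a scripted POST to wp-login.php and a browser form submission are indistinguishable. The following is an added example, not part of the original post and not Wordfence code: a small log-based check that counts failed POSTs to wp-login.php per source IP inside a sliding time window and flags IPs that cross a threshold, so it does not depend on how the request was generated. The log lines are constructed for the example; the "failed login = POST answered with 200, successful login = 302 redirect" rule is a heuristic for stock WordPress and should be checked against your own server's responses. The IP addresses, timestamps and threshold are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache/nginx "combined" log format; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return (ip, timestamp, method, path, status) or None for a malformed line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    path = m.group("path").split("?", 1)[0]  # ignore query string
    return m.group("ip"), ts, m.group("method"), path, int(m.group("status"))


def is_failed_login(method, path, status):
    # Heuristic (assumption): a wrong password makes wp-login.php re-render the
    # form with HTTP 200, a successful login answers with a 302 redirect to
    # wp-admin, and a plain GET of the form is not an attempt at all.
    return method == "POST" and path.endswith("/wp-login.php") and status == 200


def find_bruteforce(lines, threshold=5, window_seconds=300):
    """Return {ip: first_trigger_timestamp} for every IP whose failed logins
    reached `threshold` inside any sliding window of `window_seconds`.
    Lines must be in chronological order, as access logs are."""
    recent = defaultdict(deque)  # ip -> timestamps of failed attempts in the window
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, method, path, status = rec
        if not is_failed_login(method, path, status):
            continue
        q = recent[ip]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()  # drop attempts that fell out of the window
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged


# Constructed sample log (assumption): 203.0.113.7 hammers wp-login.php with
# scripted POSTs; 198.51.100.4 is a real user who mistypes once, then logs in.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2014:10:00:01 +0100] "GET /wp-login.php HTTP/1.1" 200 2411 "-" "WPScan"',
    '203.0.113.7 - - [12/Mar/2014:10:00:02 +0100] "POST /wp-login.php HTTP/1.1" 200 2563 "-" "WPScan"',
    '203.0.113.7 - - [12/Mar/2014:10:00:03 +0100] "POST /wp-login.php HTTP/1.1" 200 2563 "-" "WPScan"',
    '198.51.100.4 - - [12/Mar/2014:10:00:04 +0100] "POST /wp-login.php HTTP/1.1" 200 2563 "https://example.com/wp-login.php" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2014:10:00:04 +0100] "POST /wp-login.php HTTP/1.1" 200 2563 "-" "WPScan"',
    '203.0.113.7 - - [12/Mar/2014:10:00:05 +0100] "POST /wp-login.php HTTP/1.1" 200 2563 "-" "WPScan"',
    '203.0.113.7 - - [12/Mar/2014:10:00:06 +0100] "POST /wp-login.php HTTP/1.1" 200 2563 "-" "WPScan"',
    '203.0.113.7 - - [12/Mar/2014:10:00:07 +0100] "POST /wp-login.php HTTP/1.1" 200 2563 "-" "WPScan"',
    '198.51.100.4 - - [12/Mar/2014:10:00:30 +0100] "POST /wp-login.php HTTP/1.1" 302 0 "https://example.com/wp-login.php" "Mozilla/5.0"',
    '198.51.100.4 - - [12/Mar/2014:10:00:31 +0100] "GET /wp-admin/ HTTP/1.1" 200 40211 "https://example.com/wp-login.php" "Mozilla/5.0"',
    'not a log line at all',
]


if __name__ == "__main__":
    for ip, when in find_bruteforce(SAMPLE_LOG).items():
        print(f"{ip} reached the failed-login threshold at {when.isoformat()}")
```

Run against a real log with `find_bruteforce(open("/var/log/apache2/access.log"))`; the same counting logic is what a server-side limiter needs, only keyed on the request as it arrives rather than on the log line after the fact. If the site sits behind a proxy or CDN, the first field is the proxy's address and the real client is in a forwarded header, so the parser must be adjusted or every attacker will share one IP.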