Bruteforce attacks

  • Resolved alinedaei

    (@alinedaei)


    9 months ago

    Hello everyone

    I had 25,000 attacks in last 48 hours. I changed my login page from wp-admin to another url weeks before that but it didn’t help. Also I set password for wp-admin folder too from my host, but all of these actions didn’t help.

    What should I do to solve this problem? How can they find my folder password? How they solve my reCAPTCHA which I used to protect my login form?

    Please help me to solve this problem.

    Best Regards

    Ali Nedaei

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @alinedaei

    WP security > Dashbaord > Audit logs check do those are Failed Login events?

    If yes it might be due to XML RPC call of wp_getUsersBlogs is trying to authenticate the user. You can verify in audit logs from stacktrace if is of wp_getUsersBlogs call or not

    WP Security > Firewall > PHP rules tab > Completely block access to XMLRPC , Disable pingback functionality from XMLRPC Please check both and Save.”

    If that is not the case please cross check the Audit log stack trace from where they try to do brute force login attempts. If possible you can share it with me using https://pastebin.com/

    Regards

Viewing 1 replies (of 1 total)
  • The topic ‘Bruteforce attacks’ is closed to new replies.