Delete Failed Login records

Hi John, have you got the following feature set up Rename Login Page under Brute Force? If you don’t you should enable this feature it should reduce the amount of failed logins. But only allow this if your don’t have users login in.

In regards to your comment.

Also, if the send email notification option is activated, you get information about the actual IP address of the originating IP not just the range of IP’s anyway this can be included in one of the logs please?

The plugin developers will investigate further your request.

Thank you

After I raised the thread i did activate the the option Rename Login Page, and cleared the logs of failed Logins, however now several hours after that event i have over 100 entries in the Locked IP Addresses Log…How does this happen have the hackers worked out the new wp-admin page address already….. i would doubt it so what is going wrong please.?

Thanks

John

Do you have any of the following enabled?

Completely Block Access To XMLRPC:
Disable Pingback Functionality From XMLRPC:

Located under Firewall -> Basic Firewall Rules.

Yes i have the option

Disable Pingback Functionality from XMLRPC selected

THX

John

Update.

I deselected the option DISABLE PINGBACK FUNCTIONALITY FROM XMLRPC and i am still seeing 9 Failed login records and only 5 Locked out IP addresses

What is happening please?

Hi, can you provide the list of plugins you have installed? Your issue is not common.

Regards

I have sent you the list of plugin on two accasions and i cannot seem to get them to register with you.

what am i doing wrong?

John

I sent this response in earlier, but it does not appear to be registering. on the Forum

Hello,

Here it is:-

404 to 301 2.3.3 https://thefoxe.com/products/404-to-301/
All In One WP Security 4.1.7 https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin
Black Studio TinyMCE Widget 2.2.12 https://www.ads-software.com/plugins/black-studio-tinymce-widget/
Childify Me 1.0.15 https://github.com/eri-trabiccolo/childify-me
Cookie Notice 1.2.36.1 https://www.dfactory.eu/plugins/cookie-notice/
Google XML Sitemaps 4.0.8 https://www.arnebrachhold.de/redir/sitemap-home/
Map Me 1.1.3
Official StatCounter Plugin 2.0.1 https://statcounter.com/
Google Analytics for WordPress 1.1 https://www.ads-software.com/plugins/pc-google-analytics/
Post Types Order 1.9 https://www.nsp-code.com
Regenerate Thumbnails 2.2.6 https://www.viper007bond.com/wordpress-plugins/regenerate-thumbnails/
UpdraftPlus – Backup/Restore 1.12.23 https://updraftplus.com
Wp-Insert 2.1.5 https://www.wp-insert.smartlogix.co.in/

thx

John

Are all the above plugins up to date? Are they compatible with the latest WordPress version 4.6.1?

There are no outstanding Updates for anything on this site.

Are they all compatible with the 4.6.1 version of WP i believe so but will check.

Will get back to you

John

There are 2 plug in that indicate they are not tested with 4.6.1

They are Google XML Sitemaps

and

WP insert

John

Hi John, those two plugins that you mention are okay because I use them myself and with this security plugin. There has to be something else in your site that is causing this. Can you check the plugin log files and the server log files.

Thank you

Hello,

I am a novice at this do you mean that i need to enable logging in the wp-config file?

John

Hi John, log into your site as admin and go to WP Security -> Dashboard -> AIOWPS Logs to check the plugins logs files. Then also go to WP Security -> Filesystem Security -> Host System Logs to check your server log files.

Let me know if you need more help.

Regards

Hello,

AIOWPS logs (both files) were empty

This is what is in the server error log since this morning.

[Wed Oct 12 03:59:34 2016] [warn] RSA server certificate CommonName (CN) `Parallels Panel’ does NOT match server name!?
[Wed Oct 12 03:59:36 2016] [warn] RSA server certificate CommonName (CN) `Parallels Panel’ does NOT match server name!?
[Wed Oct 12 04:11:27 2016] [error] [client 66.249.76.55] File does not exist: /var/www/vhosts/glandorevillage.ie/httpsdocs/robots.txt
[Wed Oct 12 04:11:27 2016] [error] [client 66.249.76.54] File does not exist: /var/www/vhosts/glandorevillage.ie/httpsdocs/apple-app-site-association
[Wed Oct 12 04:14:20 2016] [error] [client 66.249.66.106] File does not exist: /var/www/vhosts/glandorevillage.ie/httpsdocs/.well-known
[Wed Oct 12 04:15:07 2016] [error] [client 66.249.76.55] File does not exist: /var/www/vhosts/glandorevillage.ie/httpsdocs/.well-known
[Wed Oct 12 04:15:20 2016] [warn] RSA server certificate CommonName (CN) `Parallels Panel’ does NOT match server name!?
[Wed Oct 12 07:05:49 2016] [warn] [client 217.115.117.27] mod_fcgid: read data timeout in 60 seconds, referer: https://glandorevillage.ie/wp-cron.php?doing_wp_cron=1476252288.1298949718475341796875
[Wed Oct 12 07:05:49 2016] [error] [client 217.115.117.27] Premature end of script headers: wp-cron.php, referer: https://glandorevillage.ie/wp-cron.php?doing_wp_cron=1476252288.1298949718475341796875

The 2 IP’s listed above one is Google and the other is the Hosting company Ip itself…. but the rest of the info does not make any sense to me i am afraid.

Strangely i have no User login errors and i have no IP Temporary Locked out.

John