Fake login

  • Resolved tomv2000

    (@tomv2000)


    1 year, 2 months ago

    Somehow this is quite strange with these “alleged” brute force attempts. I almost can’t believe that the attempts in the log are really real. I somehow have the feeling that the Solid Security Plugin is faking them….! For example, I have a test user who has a user name that nobody knows, apart from the fact that nobody knows the e-mail address 100%. Nevertheless I have several bruteforce attempts on this user. The test user is also not used by anyone except me.
    Has anyone else observed this phenomenon?

    Thanks and greetings

Viewing 2 replies - 1 through 2 (of 2 total)

  • Hi @tomv2000,

    Trust me, the Solid Security plugin does not do fake brute force attempts.

    Could it be you are unaware of a method that discloses the sites’ users ? WordPress’ standpoint is that a sites’ users is public info. Which means a vanilla WordPress env does NOTHING to shield users info.

    Can you share the site URL so I (and/or others) can have a look at it?

    Oh, and what “Login Source” value do these invalid login entries have? Click on the “View Details” link to find out. Possible values are:

    • XMLRPC Authentication
    • REST API Authentication
    • Login Page

    +++ To prevent any confusion, I’m not SolidWP +++

    • This reply was modified 1 year, 2 months ago by nlpro.
    • This reply was modified 1 year, 2 months ago by nlpro.
    Thread Starter tomv2000

    (@tomv2000)

    I must apologize for that!
    I did some quick research and found the way to read out the users.

    Deactivating the API should help better.

    Thanks for your help.
    Greetings and have a nice evening.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Fake login’ is closed to new replies.