• Resolved pierregielen

    (@pierregielen)


    For a few weeks now, our site has been flooded with brute force login attempts, a couple of dozen every day. Until now, no one has succeeded in getting in, and even if they guessed a working username/password combination, they would only encounter the second level of protection, 2FA.

    I have not seen this many illegal login attempts since I changed the URL of the login page (wp-admin) to something else, so I am wondering how it is possible that hackers can still come this far and reach the login page. Is there a bypass somewhere in the AOIWP plugin or in WordPress?


Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @pierregielen,

    Can you please cross-check the stack trace from WP Security > Dashboard > Audit log for the failed login? It will have a file stack trace showing how the user tried to log in.

    If possible, you can also share it with me using the https://pastebin.com/ burn after read option.

    Failed login attempts are possible due to an XML-RPC call of wp_getUsersBlogs trying to authenticate the user.

    WP Security > Firewall > PHP rules tab > Completely block access to XMLRPC, Disable pingback functionality from XMLRPC. Please check both to enable and Save.

    Regards

    Thread Starter pierregielen

    (@pierregielen)

    Thank you,

    I have followed your advice and completely disabled XMLRPC. Hopefully this will bring the number of brute force attempts down.

    In the trace of the illegal login attempts I can see they are indeed using “blogger_getUsersBlogs” via class-wp-xmlrpc-server.php, but also via class-IXR-server.php.

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @pierregielen,

    Yes, by disabling XML RPC, such failed login attempts will go down.

    The script called should be xmlrpc.php, and class-wp-xmlrpc-server.php and class-IXR-server.php will be in the stack trace to execute blogger_getUsersBlogs.

    If there is still an issue, let us know.

  • The topic ‘Flooded with brute force login attempts’ is closed to new replies.
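
The thread traces the login attempts to xmlrpc.php rather than the renamed login page. As an added example (not part of the thread and not the plugin's own code), this sketch counts POSTs to xmlrpc.php per client in a web server access log and shows how many were still answered by WordPress. It assumes the combined log format; the sample lines, IP addresses and the `/my-login/` path are constructed.

```python
import re
from collections import Counter

# Assumes Apache/nginx "combined" access log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges); /my-login/ is a
# hypothetical renamed login URL. None of this comes from the thread.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:08:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "-"
203.0.113.7 - - [10/Mar/2024:08:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "-"
203.0.113.7 - - [10/Mar/2024:08:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "-"
203.0.113.7 - - [10/Mar/2024:09:30:00 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "-"
198.51.100.23 - - [10/Mar/2024:09:31:10 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "-"
192.0.2.10 - - [10/Mar/2024:09:32:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "-"
192.0.2.10 - - [10/Mar/2024:09:33:00 +0000] "POST /my-login/ HTTP/1.1" 200 2048 "-" "-"
"""


def xmlrpc_summary(log_text, threshold=3):
    """Count POSTs to xmlrpc.php per client and how many WordPress still answered."""
    posts = Counter()   # every POST to xmlrpc.php, per client IP
    served = Counter()  # the subset answered with HTTP 200
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0]
        if not path.endswith("/xmlrpc.php"):
            continue
        posts[m["ip"]] += 1
        # XML-RPC reports a bad login as a fault inside a 200 response, so a
        # 200 here only means the request reached WordPress, not that it worked.
        if m["status"] == "200":
            served[m["ip"]] += 1
    return {
        "noisy_clients": {ip: n for ip, n in posts.items() if n >= threshold},
        "still_served": dict(served),
        "not_served_total": sum(posts.values()) - sum(served.values()),
    }


if __name__ == "__main__":
    print(xmlrpc_summary(SAMPLE_LOG))
```

Run over log entries written after the XML-RPC block is enabled, `still_served` should come back empty; any client listed there is still reaching WordPress through xmlrpc.php.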