Hi, wordfence doesn't block brute force attack.

Hello zm11011,
I’m guessing that you are getting so many requests so quickly that Wordfence doesn’t have time to count them? Could you try setting “Lock out after how many login failures” to 2, set “Amount of time a user is locked out” to 1 hour. Let me know if that helps.

You can also instantly ban someone when they try to log in with a specific username. This is what I have found is most effective for stopping brute-force. If they are trying to log in with “mydomain.com” as username, add this under the setting “Immediately block the IP of users who try to sign in as these usernames”.

Hi.

I changed it to 2 and tested it, it works, but 2 is too low as real user could attempt more than 2.

Anyway wordfence should block attacks from bot as well even if they request so fast. isn’t it?

If IPs that are Locked Out from Login, are they disappear from blocked list after locked out time past? if so is there a way to check history/logs of any blocked list?

Thank you.

Hello zm11011,
Wordfence tries to block as quickly as possible but if requests are coming in faster than your site is able to process the logs of those requests you can end up with multiple hits before something is blocked. It depends on how fast they are coming.

IPs that are unblocked due to the blocked time expiring on them are not logged. Wordfence tables “rotate” to prevent them from growing too large so anything that is not permanent will disappear as it is replaced by more fresh data.

It might be an idea to keep block times in sync with how often you are able to go through the list of recent blocks. I have block time set to one day. That way I can go through the list of blocks once per day and see if anyone deserves a permanent ban.

Hi.

Today I got similar log-in try 265 times in 5 min.

but wordfence doesn’t block at all.

It was with user name admin which I stated on Immediately block the IP of users who try to sign in as these usernames.
but wordfence did not block it and can not find from live traffic on Logins and Logouts, I could find those from All hits.

I sent out email reply on support ticket with screenshots for my wordfence options and live traffics if you are the same person who is looking at emails.

I bought this plug-in mainly for preventing brute force attacks. but it doesn’t block.

Please let me know.

when I try log-in with admin user my self it blocked immediately, but I don’t know how they pass it?

Also, It doesn’t sends email alerts even I got blocked with log-in try testing.

Hello zm11011,
the plugin should definitely help you stop brute force attacks. I’m not sure what’s going on but if a premium staff is looking at it I suggest you wait for their answer.

Okay. I was waiting for their reply, but it takes so long.

It blocked when I did few tests, but it didn’t send me any alert emails.
I could see on blocked list, but I got alert email.

*I never got alert emails.

Can you email me your premium ticket number? Send it to [email protected]. Thanks in advance.

Hi.

Just emailed you. Thank you.

Hi Peter

I actually have your case. You sent a case in Saturday night. Even though our support staff has hours of operations and this was outside of them I answered you on Sunday afternoon with a request for a screenshot since to view the link you sent I would have to be logged in. I see that you said you had sent a screenshot back but I have not received any replies, nor has the system generated any new tickets for you. Asa is sending you a response with the ticket url. Please login to wordfence.com and update the ticket there.

tim

Hi.

I just replied it with email, anyway I will make reply on wordfence.com again.

I updated ticket on wordfence.com, but no reply since I updated it yesterday.