How to block login attempts by user “#profilepage”

  • For the most part, Limit Login Attempts Reloaded has been working great. However on one site, I’ve been getting a lot of IPs trying to login as user “#profilepage”. That’s not a real user so they’ll never actually get logged in, so that’s not an issue. I’ve entered that as well as just “profilepage” into the block list, but it continues to appear in the lockout log. It’s as if the “#” is somehow allowing these attempts to bypass the plugin’s block list. If that’s the case, this could become the source of a DoS attack.

    Does anyone have any ideas of what I may need to adjust to actually block login attempts from this odd username?

    Thanks!

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter scotthco

    (@scotthco)

    Any ideas on this folks?

    Plugin Author WPChef

    (@wpchefgadget)

    Hello, our plugin doesn’t block IPs. It makes it impossible for an attacker to successfully log in. To them it will look like a game but they can’t win it. This is why you will still see IPs trying to connect even though they’ve been blocked. We think this article should be helpful to you: https://www.ads-software.com/support/topic/how-to-block-login-attempts-by-user-profilepage/

    Thread Starter scotthco

    (@scotthco)

    Hi WPChef:

    I figured it can’t block something like an actual firewall does, but there is a section called “Blocklist” so….

    However I wasn’t talking about an IP block anyway. On your Logs tab, under Blocklist, there’s a box for usernames. Are you saying that people or bots are still able to attempt to login using “blocked” usernames??? If that’s the case, then trying to block someone from entering non-existent usernames really has no effect, is that right? If the username doesn’t exist, they can’t login with it anyway, so no point in putting it in the list?

    And by the way, the article you cite above that should be helpful to me, that’s MY article.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘How to block login attempts by user “#profilepage”’ is closed to new replies.