“Immediately block IPs that access these URLs” intermittently not working??

  • I’ve noticed in the last week or so, even though I have /wp-login.php set as a “Immediately block IPs that access these URLs” option, there are a number that are still getting through without being blocked…

    Sample from the Live Traffic:

    India Chennai, India tried to access non-existent page https://XXXXXX.com/wp-login.php
2016-12-19 6:25:20 AM (9 hours 58 mins ago)   IP: 117.241.72.85 [block]   Hostname: 117.241.72.85
Browser: Firefox version 0.0 running on Win7
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1
    Romania Zarnesti, Romania tried to access non-existent page https://XXXXXX.com/wp-login.php
2016-12-19 5:46:03 AM (10 hours 38 mins ago)   IP: 86.123.179.56 [unblock]   Hostname: 86-123-179-56.dynamic.brasov.rdsnet.ro
Browser: Firefox version 0.0 running on Win7
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1

    These should be coming up as “Blocked for accessing a banned URL”, but they’re not… however, *some* are getting blocked properly… strange, no?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter bluebearmedia

    (@bluebearmedia)

    Just to add – I’m using the WPS Hide Login plugin to disable the standard login URL in order to allow Wordfence to trap it as a blocked page.

    This was working well until very recently, where both plugins were updated. I suspect WPS Hide Login changed something that caused a different priority for the URL trapping where Wordfence doesn’t even see the invalid URL to be able to block it, but that’s only my hypothesis.

    Mountain Guy – have you noticed any change in behaviour between WPS Hide LOgin and Wordfence on your sites?

    • This reply was modified 8 years, 2 months ago by bluebearmedia.

    Hi,
    Sorry for my late replay, I was checking “WPS Hide Login” and the other “Rename wp-login.php” plugins and I got the same behavior with both of them, I mean I got “wp-login.php” URL redirecting to “404 Page not found”, I’ve checked with my colleagues if there is something changed from our side that might cause this issue, but that doesn’t seem to be the case.

    As mentioned in the documentation, “Immediately block IP’s that access these URLs” must be used with a page that does not exist on your website, so blocking access to this existing URL isn’t currently fully supported, but that might be considered in the future.

    For now, I suggest checking “How to Limit Access by IP to Your wp-login.php” and “Password protect wp-login.php” via .htaccess file as an alternative solution.

    Thanks.

    Thread Starter bluebearmedia

    (@bluebearmedia)

    “…must be used with a page that does not exist on your website…”

    Interesting… but something must’ve changed in the latest version, because WF definitely WAS blocking wp-login.php when it was in my block URL list prior to the latest WF update.

    This used to work as I had implemented it on several sites, but since 6.2.9, it stopped working!

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘“Immediately block IPs that access these URLs” intermittently not working??’ is closed to new replies.