“Immediately block the IP of users” Consistently Fails

Hello @ranald and thanks for reaching out to us!

The Immediately block the IP of users feature will only work for usernames that DO NOT exist on your site. This is a good way to catch bots from attempting to log in as “admin”.

Any username you add here will cause an IP to be blocked if they try to log in with that username. You can add usernames that are frequently used in brute force attempts such as “admin” or your domain name without the top domain. Make sure that the usernames you add to this list are not identical or similar to real usernames on your system since this could cause legitimate users to get blocked if they make a typo.

https://www.wordfence.com/help/firewall/brute-force/#lockout-usernames

Let me know if this helps!

Thanks!

Thanks for the reply. This is exactly how it has been behaving – blocks usernames that DO NOT exist on the site – only. Does not block currently existing usernames.

This is a big disappointment. I (and the user in question) would be tremendously more secure if we could block the existing username – which was under tremendous brute force attack – thereby stopping the attack and stopping the likelihood of user’s password being guessed and used for whatever nefarious purpose intended. This would not only improve the site security, but also users security.

Username could be quickly and easily returned to use after the attack was over, none the worse for wear.

Thanks again.

My best recommendation is for that user to either change their account login name or use a strong password alongside 2FA. Wordfence should do its job in limiting login attempts from specific IP addresses.

Let me know if you have any other questions!

Thanks again!