Immediately lock out invalid usernames still doesn’t work correctly

Viewing 4 replies - 1 through 4 (of 4 total)

  • Hey @beantown123,

    Are you able to share screenshots of your settings and the login URL? If you’d prefer them to be private you can email them to [email protected]. Please include your username, a link to this thread, and update this thread in case it’s missed.

    Please let me know.

    Thanks,

    Gerroald

    Thread Starter beantown123

    (@beantown123)

    Ok thanks. Just emailed it.

    Hi @beantown123,

    This is caused by the attackers sending empty password strings.

    I did some testing:

    – I submitted [login] as the username and as the password -> which resulted in the Yellow warning icon

    – I submitted [login] as the username and password as the password on your website (which begins with dog) and I was blocked.

    From my testing, it looks like your site is blocking the usernames properly. Wordfence should be more clear that because the password is empty – it doesn’t consider it as an attempt (because empty passwords do not count as logins).

    Dave

    Thread Starter beantown123

    (@beantown123)

    Ok that makes sense. Thank you. I had a few final questions if you didn’t mind:

    1. Is there anything I can do with these attempts with no password?

    2. Do blocked attempts take up less resources on my server than attempts that get the warning?

    Thanks again.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Immediately lock out invalid usernames still doesn’t work correctly’ is closed to new replies.