Increased Attacks on sites invalid User NoneNone

I’ve noticed this on my site as well. Have you tried adding the username to the WordFence Brute force username block list? “Immediately block the IP of users who try to sign in as these usernames “

Hi @portdesign, thanks for your message.

We had our first mention of the “NoneNone” user attempts last week and were unable to find anything particularly remarkable about them such as targeting a new plugin exploit. As far as we can see, they’re part of a brute force attack coming through XML-RPC.

If you’re not using plugins that require it, the setting to disable XML-RPC authentication can be done by checking the “Disable XML-RPC authentication” box in Wordfence > Login Security > Settings. Manual attempts to access the XML-RPC file itself are common to be tried by attackers so you could add the following code to .htaccess:

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

Thanks,

Peter.

Ive been seeing the same login attempts and just added NoneNone to the WF brute force list. Thanks for that idea!

wfpeter’s .htacccess idea worked better for me
the NoneNone was still appearing
The htaccess seems to stop them beforehand

thanks everyone

Thanks @portdesign, I appreciate the feedback and glad it’s worked for you.

Just as an aside, if this is not a working solution for you @kevinsos or @jcoder90, please feel free to start a new topic as per the forum guidelines, we can better help our customers if topics concentrate on the specific issues for a single user. We’ll always be glad to help!

Thanks,

Peter.