IPSet + ipTables + Wordfence and still…

  • Resolved Maurice

    (@mhason)


    4 years, 3 months ago

    Hi, this question may not be directly related to Wordfence, but since Wordfence is highly involved I decided to ask it here anyway, hoping that someone will shed some light on this enigma.

    I want to understand why my websites are getting hit with brute login attempts (which Wordfence is blocking), despite all the security measures I applied to my server environment. Here is my configuration:

    • Websites are proxied through Cloudflare
    • Cloudflare firewall rules are configured to drop any URI containing /wp-admin or /wp-login
    • ipset is installed on the server (Debian 10.x fully managed by me) and blocking several countries’ full CDIRs
    • iptables is configured to drop any connection that matches the ipset banned lists
    • Each WP site has WP Hide Login installed
    • Each WP site has Wordfence installed

    Despite all these measures, Wordfence on all my websites is reporting about users being locked due to invalid usernames, or SQL injection attempts, etc. There are days that I get 100s of email alerts, and I don’t understand how these brute force login attempts even make it to the login page if the page is hidden, and the IPs are blocked.

    Any ideas, please?

    Thanks!

Viewing 1 replies (of 1 total)
  • Plugin Support WFAdam

    (@wfadam)

    Hello @mhason and thanks for reaching out to us!

    Could you provide some screenshots of the traffic that is hitting your site and being blocked for these reasons? I want to see if there is anything in common with them.

    It is normal for sites to be probed for login weaknesses and security flaws so seeing the blocks would be normal.

    Thanks!

Viewing 1 replies (of 1 total)
  • The topic ‘IPSet + ipTables + Wordfence and still…’ is closed to new replies.