Live Traffic shows blocked IPs continue to attack

Hi @jderosa,

There’s two different types of attacks, and they use different block durations.

Amount of time a user is locked out controls how long a user is preventing from logging in, or using the password recovery form. (Note this will still allow them to browse the site normally)

How long is an IP address blocked when it breaks a rule controls how long a user is blocked from accessing your site.

The second duration is found under Brute Force: https://i.imgur.com/adFoeNJ.png

Dave

Thanks. I have the user lockout set to 2 months. I have the IP block set to 1 day.

These are people trying to access xmlrpc.php, which I have explicitly blocked.

How do I see them accessing it 3 minutes apart?

What is this URL that you put for Immediately block IPs that access these URLs in Wordfence settings?

Or did you block xmlrpc using another method?

Dave

/xmlrpc.php

It appears to be working. I get an entry that says that the user was blocked for having accessed a forbidden URL, but then lets them do it again 2 minutes later.

Hi again,

Any suggestions? Same user appears to be still able to attack repeatedly. 12 times within the last hour, even though my How long is an IP address blocked when it breaks a rule is set to 1 day.

My Brazilian Friend

Hello, Dave,

Sorry to be a pest, but any suggestions? I’m concerned that I have something misconfigured, but it seems that this is just how it works.