Locked out login attempts

Hi, in some cases having two security plugins might not work well. Depending on the settings you enable in both plugins. If you enable similar settings in both security plugins it can cause a conflict.

You should really choose one or the other. If you must have both then find out what changed before the problem begun.

The plugins have been co-existing for months ever since I first installed them. And WordFence doesn’t have an alternative login page as WP Security offers. I don’t really have conflicting settings as far as I can tell.

I understand but something changed in your website or else this would not have occurred? Did you update any plugins, your theme, did anything changed in your server? Did you update WordPress?

Yes, all of those things occurred.

Hi, you have to work out which of the above has caused the problem between both plugins.

Actually, any conflict in between the two plugins has nothing to with the original question here. I am running this plugin on multiple sites, some without wordfence installed.

What seems to be happening is somehow the website is still being attacked from multiple ip’s targeting the username “test”.

This is particularly odd, like op originally posted, the default wp login page has been changed and is no longer, or should no longer be /wp-admin .

SO the question is, how is the website being attacked at the new url, by trying to brute force with username “test” and what can be done to put a stop to this.

I am getting a deluge of these attempts. Between three websites being targeted, over 200 attempts a day. This just started about 3 days ago.

Hi can you check to make sure you have the following enabled Enable Pingback Protection: located under Firewall tab.

Can you also try and set up the Cookie Based Brute Force Prevention under Brute Force feature.

i have enabled pingback protection on some of the sites, but Cookie Based Brute Force Login Prevention was setup on almost all of them.

@pyromania666 can you start a new support thread please.

Thank you

Pyromania666,
Try the following:
using a browser go to your website URL and add xmlrpc.php
Eg,
yoursite.com/xmlrpc.php

Note: if you have installed wordpress in a subdirectory and not root then you would type:
yoursite.com/<name of your subdir>/xmlrpc.php

Tell me what you see when you do the following.

Well I’ll chime in on this one…

some of my sites result in: XML-RPC server accepts POST requests only.

while others report: 403 Permission Denied You do not have permission for this request /xmlrpc.php

On a site that i know for a fact a few of these Site Lockouts with username “test” i just tried what @wpsolutions said and i get a standard 404 page “You 404’d it. Gnarly, dude.” LOL.

@wpsolutions, let me know if that helps or if there is anything you wish me to try. I got sites that have only “All In One WP Security” installed and others that have AIOWPS and Wordfence.

I have turned on pingback requests in the firewall, and i still have to see if those specific site are getting hit still. It must be the same bot, since the username it’s using is “test” but the IP keeps changing.

I’m getting test and administrator

Pyromania666,
If the pingback protection rule is enabled and working properly you are supposed to get a 403 response and not a 404 (Page not found).
It is likely that you are typing in the wrong URL path to the xmlrpc.php file.

cnymike,
For the sites where you are not getting a 403 response, is the pingback protection feature turned on and are those the sites where you are getting lockout notifications?