Malicious login attempts question

The number of malicious login attempts nearly doubled since last night. This is very unusual for my site.

Hi @paulapurple!

These malicious login attempts could be from any bot, hacker, or attempted spammer. You won’t be able to see a detail of each failed login attempt. I find these attempts increase as your site becomes more popular and ranks higher in search engines.

The important thing is that Jetpack’s Protect module is keeping your site safe. It is protecting your login form, and is protecting your site from brute force attacks to its XML-RPC file, so these attempts won’t be successful.

Here’s more about Jetpack’s Security Features:
https://jetpack.com/support/security-features/

Thanks, Lisa! What an awesome program Jetpack is – so grateful for it. I was concerned because I’ve never had so many login attempts in such a short period of time. There were about 1,500 since last night.

Do you recommend other security measures as well?

With Jetpack Protect blocking those attempts, you are in good hands.

For other security measures, I’d recommend keeping every plugin you have installed up to date on the latest version, including WordPress too. Disable any plugins you don’t have in use.

Use a good password. Tips here:
https://codex.www.ads-software.com/Hardening_WordPress#Passwords

I also recommend the Jetpack Monitor module, which will notify you if your site is unavailable, so you can contact your host for assistance.

And always have a good backup system in place so you can easily restore your site if anything unexpected should ever happen.

Many thanks, Lisa.

Hi,

I know this is an older post, but I am wondering if you could answer a question I’ve been having about this notification feature.

I have other plugins installed that are supposed to show failed login attempts, and even though Protect is showing 20, 50, 100 or whatever, blocked login attempts, no IPs or attempts are identified by the other plugins.

What is going on?

Thanks,

Cathy