• Resolved photaust

    (@photaust)


    Hi All,

    I am astounded by the number and frequency of attempted unauthorised logins across all my WP sites with “ADMIN” being submitted as the username.

    Is there a way to automatically and permanently block the IP of all visitors who attempt to log in using “admin”?

    If not, this would be a very handy addition to any future upgrades.

    Cheers,

    Anthony

    https://www.ads-software.com/plugins/wordfence/

Viewing 7 replies - 1 through 7 (of 7 total)
  • Simply check off “Immediately lock out invalid usernames” under options. Unless you have “ADMIN” as a user, they only get one attempt before they are blocked for up to 60 days. The important thing is to use strong passwords and use a low number of failed login attempts. I have been getting attempts blocked for the actual (obfuscated) admin user which is something like “hez3%QFJ35”.

    Thread Starter photaust

    (@photaust)

    Hey Robinin Texas,

    Thank you for your message.

    I looked at that option. The only problem is that I run a membership site and often legitimate mistakes are made by members entering their username incorrectly. It would cause even more issues if these guys had their IP permanently blocked when this happens.

    For this reason, it would be great if Wordfence enabled a feature whereby we could nominate the specific common hack usernames such as “admin” to permanently block.

    Cheers,
    Anthony

    Users have been begging for this feature for ages.

    In fact, the long going thread is marked resolved although the problem was never addressed. Mark (Wordfence author) commented early in the thread with the suggestion of blocking everyone that makes an attempt that is not recognized as a user.

    It has been pointed out time and time again that this method penalizes those who make mistakes typing or who momentarily forget their username. This forces users, if they are not the only user, to balance between security and usability. There should be no need for this.

    I have to conclude that for some undisclosed reason, this is difficult to implement (I can’t imagine why that would be) or that Mark just doesn’t care.

    I also have a personal correspondence with Mark, asking for this feature. He responded that he would look to adding it to a future update. That was many, many updates ago.

    I started out as a huge fan of this product, bought multiple site licenses and talked it up at WP user’s group meetings. When I saw how many people were clamoring for this feature, I assumed that it would be just a release away, then another release, then another.

    Now I’m pissed. I am sick and tired of the dozens and dozens of email alerts telling me that user “admin” at such and such IP has been blocked. I routinely scan my alerts for any of my clients having problems accessing their sites. How do I spot an alert with essential information? If I limit the number of alerts, how do I know I won’t miss an important one?

    This is such an easy bone to throw, it seems like Mark and company are too wrapped up in their success and in their development to concern themselves with trifling things like customer service.

    I agree with the request, it would be really helpful to have an option to automatically block “admin” and other unwanted names (a field where the real admin can enter a list would be fine), for a given time.

    This I was looking for too. Now I got it. Thanks, Robin Texas.

    Plugin Author Wordfence Security

    (@mmaunder)

    For this reason, it would be great if Wordfence enabled a feature whereby we could nominate the specific common hack usernames such as “admin” to permanently block.

    This will be in the next release. But don’t take my word for it. My co-founder Kerry posted this about 20 minutes ago:

    https://www.ads-software.com/support/topic/large-number-of-failed-logins?replies=3#post-5545076

    @davidbrugge My humble apologies sir. As an advocate for our product I’d like to assure you that we’re not resting on our laurels and are taking note of your feedback. There were some core features and fixes we needed to get into the product before we could get on to other feature requests and these caused a delay in us implementing this feature. I can assure you that it will be in the next release and the timeline for this is that we will be releasing a Beta on approximately Friday this week with the production version coming out the following Sunday or Monday depending on how many issues are reported by our Beta testers.

    I’m a bit nervous about marking this resolved, but I’m going to go ahead and do that and please trust me that this will be in the next release.

    Regards,

    Mark.

    Plugin Author Wordfence Security

    (@mmaunder)

    This feature has been implemented and will be released in the Beta release going out tomorrow and into production later this weekend or Monday.

    Regards,

    Mark.

  • The topic ‘Permanent Block when attempted login using "admin"’ is closed to new replies.
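
The policy requested in this thread, as an added example that is not Wordfence's code and not written by any poster: usernames on a site-owner denylist block the source IP on the first attempt, while other failed logins (typos, forgotten usernames) only count toward a threshold. The class name `LoginGuard`, the denylist contents, the threshold of 3, and the sample users and IP addresses are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed values for illustration; none of these come from Wordfence.
DENYLIST = {"admin", "administrator", "root"}
KNOWN_USERS = {"anthony", "member42"}   # constructed member accounts
MAX_FAILURES = 3                        # assumed failure threshold per IP

class LoginGuard:
    """Block on denylisted usernames at once; count other failures."""
    def __init__(self, known_users, denylist, max_failures):
        self.known_users = {u.lower() for u in known_users}
        # A denylisted name that is a real account must not trigger a block.
        self.denylist = {u.lower() for u in denylist} - self.known_users
        self.max_failures = max_failures
        self.failures = defaultdict(int)   # ip -> failed attempts so far
        self.blocked = {}                  # ip -> reason for the block

    def attempt(self, ip, username, password_ok):
        if ip in self.blocked:
            return "blocked"
        name = username.strip().lower()    # "ADMIN" and "admin" match alike
        if name in self.denylist:
            self.blocked[ip] = f"denylisted username {name!r}"
            return "blocked"
        if name in self.known_users and password_ok:
            self.failures.pop(ip, None)    # success resets the counter
            return "ok"
        self.failures[ip] += 1             # typo or wrong password
        if self.failures[ip] >= self.max_failures:
            self.blocked[ip] = "too many failed logins"
            return "blocked"
        return "failed"

def replay(events, guard):
    """Run (ip, username, password_ok) tuples through the guard in order."""
    return [guard.attempt(*event) for event in events]

# Constructed sample events using documentation-range IP addresses.
EVENTS = [
    ("203.0.113.7", "ADMIN", False),      # scripted guess
    ("198.51.100.20", "anthny", False),   # member mistypes the username
    ("198.51.100.20", "anthony", True),   # member retries correctly
    ("203.0.113.7", "anthony", True),     # blocked IP stays blocked
]

if __name__ == "__main__":
    guard = LoginGuard(KNOWN_USERS, DENYLIST, MAX_FAILURES)
    for event, result in zip(EVENTS, replay(EVENTS, guard)):
        print(event, "->", result)
```

Because the denylist is reduced by the set of real accounts, a site that does have a user named “admin” keeps normal threshold behaviour for that name.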