Q about a specific WF Blocking Feature
-
Hello.
I get a fairly high amount of the https://mywebsite.com/wp-login.php attempts per day so I’m wondering if there is a way to block those. The majority of the attempted logins is the same source I’m sure because the country changes for each one but it is always the same browser, so they seem to be using IPs from other countries to do the login attempts. There are only two other countries that attempt logins but they make far fewer attempts (maybe 5 a day) and they rotate to different IP once I block them but they stay within their country.
Sorry for the long intro but now the question regarding a feature in the OPTIONS menu in WF. It states:
‘Immediately block the IP of users who try to sign in as these usernames’ a box to the left is the area where you can enter the usernames. Below that box where the usernams would be entered it says ‘(One per line. Existing users won’t be blocked.)’
I’ve often looked at it but was afraid of putting anything other than admin in there (as I don’t use admin as a login) so I’m confident I can’t lock myself out. However the attackers constantly use my wp login name (not sure how they found that out but I’m guessing it was likely in the first year when I started my site (2016) my foolish and ignorant self had a pretty much open site to the world with lots of security holes displayed to the world and no security plugin such as the awesome WF to protect it.
What I’m wondering is the part where is says “existing users won’t be blocked”, does that mean I can put into the box the user name that I currently use and I still won’t be locked out?
NOTE: I just checked the FAILED login tab and for some reason there are no failed logins listed other than the two I had recently…how can that be when they are making so many login attempts daily?
Also if I could ask another quick one, I was once locked out by entering the wrong PW twice (i had caps lock on and didn’t realize it) and I panicked like crazy with beeds of sweat starting to form on my forehead and heart pounding as I couldn’t figure out what to do lol..i can laugh now but it was dreadful feeling that time). Luckily I had set the duration lockout time to a fairly short period so I was able to try again and was able to get in back to my site after a short time passed but during that time it made me realize I don’t get any emails from WF even though I put the corrct email address in where it asks for it. I’ve NEVER rec’d an email from WF, any idea why?
-
wfalaa, I don’t use FTP and don’t have access to an ftp program and frankly don’t have a lot of experience using it. I used to use IPswitch free one from years ago when I used to have a non WP HTML website I had made on my own, I used to use that FTP program but it is no longer free.
I had already read that FAQ you linked but that’s why I’m still afraid of locking myself out as I don’t have or use FTP.
I guess that means I could probably do it via my Ubuntu command window? Assuming you say yes then my other problem would be I don’t know too much on how to manipulate files via the command line (I’m using self managed and anything I do I google it and follow the steps to accomplish it on the command line. I suppose if I really had to I would probably eventually figure it out but I would rather not get to that point and deal with that stress…wish there was an easier way.
- The topic ‘Q about a specific WF Blocking Feature’ is closed to new replies.
