Settings for blocking login attempts

  • Resolved Cecilia Svensson

    (@ceciliasvensson)


    6 years, 12 months ago

    Hi!
    I need some help figuring out my settings for blocking users. I’ve searched the forum and read the documentation, and clearly, there is something I don’t get here.

    Here are some of my settings:

    1. I have listed several tried-to-hack-my-site-usernames in the section
    “Immediately block the IP of users who try to sign in as these usernames”.
    One per row.

    2. I have set the “Lock out after how many login failures” to 1 (yes, one).

    3. “Lock out after how many forgot passwords attempts” is also set to 1.

    4. “Count failures over what time period” = 1 day

    5. “Amount of time a user is locked out” = 1 day

    6. Immediately lock out invalid usernames = yes

    This leads me to believe that there can be no more than one false login attempt per day, per false username and IP-address.

    My log looks like this, except for the fact that I have masked the real data. The username and IP-addresses are identical for all rows.

    My questions are:
    a) How come they can try repeatedly with the same username?
    b) How come they can try repeatedly with the same IP-address?

    Username – IP-address – Time sine login attempt<br>
    ****** – 115.xxx.yy.zz – 5 hours 36 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 36 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 36 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 36 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 37 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 37 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 37 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 37 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 37 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 37 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 37 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 37 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 37 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 37 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 37 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 37 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 38 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 38 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 38 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 38 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 38 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 38 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 38 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 38 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 38 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 38 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 38 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 38 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 38 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 38 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 38 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 39 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 39 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 39 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 39 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 39 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 39 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 39 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 39 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 39 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 39 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 39 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 39 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 39 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 39 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 39 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 39 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 39 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 39 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 40 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 40 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 40 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 40 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 40 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 40 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 40 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 40 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 40 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 40 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 40 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 40 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 40 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 40 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 40 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 40 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 40 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 41 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 41 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 41 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 41 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 41 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 41 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 41 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 41 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 41 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 41 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 41 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 41 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 41 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 41 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 41 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 41 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 41 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 41 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 42 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 42 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 42 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 42 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 42 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 42 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 42 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 42 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 42 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 42 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 42 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 42 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 42 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 42 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 42 mins ago<br>
    ****** – 115.xxx.yy.zz – 5 hours 42 mins ago<br>

    The page I need help with: [log in to see the link]

Viewing 2 replies - 16 through 17 (of 17 total)
  • anonymized-14293447

    (@anonymized-14293447)

    I just don’t get it: if even myself is not able to view login page, getting a 404, how can hackers do?

    Hi @arsenalemusica,

    Maybe the hack is actually taking place at the host level and not via the WordPress site.

    Attackers might have found a way to log into the server itself to manipulate files and database content.

    Wordfence is a plugin for WordPress and will therefore protect your site against attacks performed via WordPress components/scripts.

    Wordfence is not designed to stop attacks at server level.

    What I suggest is to contact your hosting provider and inform them of that intrusion so they can further investigate.

Viewing 2 replies - 16 through 17 (of 17 total)
  • The topic ‘Settings for blocking login attempts’ is closed to new replies.