Site Lockout question

Hi, have you by any chance enabled one of the following features?

Completely Block Access To XMLRPC:
Disable Pingback Functionality From XMLRPC:

If you haven’t can you enable one of these features. To enable one of them, go to WP Security -> Firewall -> Basic Firewall Rules.

Thank you

Hi,
Thank you for your reply.
Only the Disable Pingback Functionality From XMLRPC is checked.
I have no idea how to see if I am “currently using the XML-RPC functionality on your WordPress installation” I am afraid I have very little knowledge of the tech site so I am glad with any help you can give me ??

Hi, to test to see if Disable Pingback is working type the following URL in the browser.

[https://yourstie.com/xmlrpc.php]

Let me know what happens.

Regards

Hi,
When I did that it gave me this result
XML-RPC server accepts POST requests only.

Thank you for helping

Hi, that means it is working in accordance to your settings. If you are not going to use XML-RPC functionality in your site, then I suggest that you enable Completely Block Access To XMLRPC: and disable the other option.

Then report back with any changes in regards to the fail login attempts.

Regards

Hi,
Can you tell with what I would use the XML-RPC functionality for instance.
Is that only with a plugin?

Kind thanks and regards, Jo

Hi, you can read the following webpage which provides a great answer to your question.

Let me know if you need more information or help.

Thank you

Thank you for your help, and making a great plugin ??

I do have another question about the site lockout notification option.
Is it of any importance to get notifications, I have a lot of those.
It has happend a couple of times I get a server message that I have sent 500 messages to the same adress, my own email. And they where all site lockout notifications. I have no idea if it is “normal” to have so many false login tries, but it is driving me crazy to see them in my email inbox.

Kind thanks and regards, Jo

Hi, it is up to you if you want to receive notifications of lockouts. However if you are receiving too many notifications, the plugin gives you the option to disable this feature.

If you know the IP address of the lockouts, this plugin allows you to block IP addresses and a Range of IP Addresses. If you know the country you are getting all this notifications from and you might not be doing business with this country, you can block the country with the following country blocking addon.

Unfortunately there are many bogus attempts to log into websites nowadays. This happens to too many online websites and most are not even aware until they install a security plugin. Then they start to see what goes on on their website behind the curtains.

Let me know if you need more help or information.

Kind regards

• This reply was modified 7 years, 10 months ago by mbrsolution.

Hi, Sorry for the late reply I have been sick with a bad cold.
Thank you so much for all your help and info.
I have seen the option to lockout IP addresses, but it comes with this warning “This feature can lock you out of admin if it doesn’t work correctly on your site. You must read this message before activating this feature.” Wich is scary enough for me to stay away from it.

I have disabled the option for the lockout notifications. I think I leave things for now as it is and hope I have done enough to keep my site save.

Again many thanks and kind regards, Jo

You are most welcome.

If you don’t need any more help with this support thread can you mark it as resolved.

Thank you

Thank you I will close this thread.
Kind regards, Jo