Resolved: billb101 (@billb101)

    I have the free version of Wordfence installed and I have the Login Security option “Lock out after how many login failures” set to 3 and the “Lock out after how many forgot password attempts” option set to 5. In addition to that, I have an Apache .htaccess rule that restricts access to my blog’s wp-login.php URL to a limited set of IP addresses. But I’m still receiving notifications from Wordfence that someone has been locked out trying to brute-force guess the password (i.e., guessed the wrong password 3 times). I don’t believe their IP address according to the email notification is within the set of IP addresses I white-listed for access to the wp-login.php page, so my question is: why am I receiving this notification? Are there other ways to log in to WordPress that don’t involve the wp-login.php page?

Viewing 2 replies - 1 through 2 (of 2 total)
    I suspect the attacker is hitting xmlrpc.php, and that is what is trying multiple authentication attempts. Basically it’s the file/API that apps and Jetpack use to access your site.

    Do a search on “WordPress xmlrpc.php” and you’ll find out all sorts of information on that file, what it does, and the implications of restricting it.

    I hope this helps,
    Robert
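
Added example, not code from the thread or from Wordfence: a small Python script that scans Apache access-log lines for POSTs to the two WordPress credential endpoints from addresses outside the wp-login.php allowlist, so the blog owner can confirm from the logs whether the attempts Wordfence is counting arrive via xmlrpc.php. The log lines and the 203.0.113.0/24 allowlist are constructed for the example.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network
# Constructed Apache combined-log sample. 203.0.113.10 is the blog owner's allowed IP;
# 198.51.100.7 gets 403 on wp-login.php (the .htaccess rule) but 200 on xmlrpc.php.
SAMPLE_LOG = """\
203.0.113.10 - - [05/Mar/2024:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [05/Mar/2024:10:02:15 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
198.51.100.7 - - [05/Mar/2024:10:02:16 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
198.51.100.7 - - [05/Mar/2024:10:02:17 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
198.51.100.7 - - [05/Mar/2024:10:02:18 +0000] "POST /wp-login.php?redirect_to=%2F HTTP/1.1" 403 199 "-" "-"
"""
# Assumed allowlist: the range the .htaccess rule permits for wp-login.php.
ALLOWLIST = [ip_network("203.0.113.0/24")]
# Both endpoints accept WordPress credentials; xmlrpc.php is the one the rule above misses.
AUTH_ENDPOINTS = ("/wp-login.php", "/xmlrpc.php")
# client IP, method, request path and status code from a combined-format line
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, method, path, status = m.groups()
    return {"ip": ip, "method": method, "path": path.split("?", 1)[0], "status": int(status)}

def is_allowed(ip, allowlist=ALLOWLIST):
    addr = ip_address(ip)
    return any(addr in net for net in allowlist)

def auth_attempts(log_text, allowlist=ALLOWLIST):
    """Count POSTs to auth endpoints from non-allowlisted IPs, keyed by (ip, path, status)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST" or rec["path"] not in AUTH_ENDPOINTS:
            continue
        if not is_allowed(rec["ip"], allowlist):
            counts[(rec["ip"], rec["path"], rec["status"])] += 1
    return counts

def unrestricted_endpoints(counts):
    """Auth endpoints an outside IP reached with a non-error status: the IP rule does not cover them."""
    return {path for (_, path, status) in counts if status < 400}

if __name__ == "__main__":
    hits = auth_attempts(SAMPLE_LOG)
    for (ip, path, status), n in sorted(hits.items()):
        print(f"{ip} -> {path} [{status}] x{n}")
    print("auth endpoints reachable from outside the allowlist:", unrestricted_endpoints(hits))
```

Run it against the real access log (read the file into `auth_attempts`) and any endpoint listed by `unrestricted_endpoints` is a credential path the wp-login.php IP rule leaves open.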

    Thread Starter billb101 (@billb101)

    Thanks @azrobbo – your suggestion turned out to be correct.

The topic ‘User locked out notification’ is closed to new replies.