Using WAF how block login attempts?

I still see some failed login attempts in Securi Plugin logs.

Don’t your Sucuri plugin’s logs provide any details beyond “failed login attempt”?

securi plugin specifies username used, Ip Address of user, date time and browser type.

it does not specify from where they are logging in. If I can only understand how these malicious users are trying to get in.

I’ll recommend you post in the Sucuri plugin’s own support forum to get help from the plugin’s developers: https://www.ads-software.com/support/plugin/sucuri-scanner/

Good luck!

Hi George,

My request is not about the Securi Plugin. I just wish to block request coming to particular pages to stop malicious login requests. It could be any other firewall plugin for that matter. I just wish to understand the places one could login from. Like wp-login, wp-json, or any other

You said Sucuri is blocking the request. They should tell you the nature of the request they’re blocking. And if any other firewall was blocking the request, that firewall should tell you the nature of the request they’re blocking.

You could also match the timestamps of your Sucuri firewall’s logs with your webserver’s access logs to see details about the request that Sucuri is blocking.

Sorry George, if my conversions were ambiguous. I said that from the network end, I have blocked requests coming towards URI like “wp-login” and “wp-json” but I am still observing some hackers trying to login which must not be possible because I have blocked requests that goes towards login pages. I would like to know if I am missing something. What other things I must block to ensure these hackers can not get in?

• This reply was modified 11 months, 3 weeks ago by magaorg.

You might want to block xmlrpc.php too, unless you’re using it for something like Jetpack

Thank you Phil, that helps.