Wordfence doesn't block brute force attacks

  • Yesterday I got too many failed login attempts that Wordfence didn’t block.
    Wordfence doesn’t seem to block any brute force attacks at least by banning IP (it doesn’t even log them) furthermore it doesn’t complete any scheduled scan while it is set on 256MB memory and tested with no issues.
    How can I resolve this problem?
    Note: did all tests and disabled all new plugins but still not resolved.

    https://www.ads-software.com/plugins/wordfence/

Viewing 2 replies - 16 through 17 (of 17 total)

  • We just shut down a bot brute force attack too. Wordfence was locking out lots of failed login attempts and was notifying me (thank you, thank you!) but I had to go in and block them manually because they kept coming back after the lockout expired. Eventually I set wordfence to lockout any invalid usernames for 24 hours which gave me more time to deal with blocking them. If it hits another one of my sites I will let you know.

    @docdaddy Maybe it is just me but I rarely give 20 login tries before I lock them out. And the minimum I set the lockout period for is 6 hours.

    @b13story One issue per thread, especially if it has been hijacked. Otherwise we’ll have to ask the mods to close it. There’s way too many things going on in this one.

    Is there any particular reason you scan with High Sensitivity? I usually only use that option when I need it, to double check a site. That option can throw false positives because of how aggressive it is.

Viewing 2 replies - 16 through 17 (of 17 total)
  • The topic ‘Wordfence doesn't block brute force attacks’ is closed to new replies.