ejwjohn

Hello,

Thank you for your response.

I was getting a little concerned that my issue seemed to be unique and/or i was having issues reliably reporting the actual problem i was experiencing.

Thanks Again…look forward to the update.

John

Hello,

No

I am still getting error situation when i first deselect the features, Captcha and rename login page, that cannot be correct ?

or am i missing something here?

John

• This reply was modified 8 years, 5 months ago by ejwjohn. Reason: typo

OK,

Moved to a different machine and using chrome, also using another one of my sites

and using the info i supplied previously i had the following

Log into admin via renamed page
Clear Captcha
Clear Rename Login page
Clear browser history
Log out
See image SS1 this is what happened when i tried to log out.
SS1
Use standard wp-admin page to log in
Select all in one dashboard
Tried to Select Brute Force menu item
New Login page dislayed (wp-admin)
Clear Browser History
Using wp admin page logged into site OK
Select All in one Dashboard OK
Select Brute force menu item OK
Set new login page
saved
Tried to log out and had response as in SS2 screen shot
SS2

Then i get no more errors after this.

Strange.

Thx

John

OK,

I am going to try and give you as much info as i can, and i hope the images have not got anything sensitive on them

All of these steps are done using Safari

Log into admin via renamed page
Clear Captcha
Clear Rename Login page
Clear browser history
Log out
See image SS1 this is what happened when i tried to log out.
SS1
Use standard wp-admin page to log in
Select all in one dashboard
Tried to Select Brute Force menu item
New Login page dislayed (wp-admin)
Clear Browser History
Using wp admin page logged into site OK
Select All in one Dashboard OK
Select Brute force menu item OK
Set new login page
saved
Tried to log out and had response as in SS2 screen shot
SS2
Clear Browser History
New Login using new admin page logged in OK
All in One dashboard OK
Logged out OK
Clear Browser history
Tried to log in using new admin page name see SS3 screen shot for response
SS3
Clear Browser History
Login in OK
All in one dashboard Not available see image SS4

Terminated SAFARI
start again
login OK
Brute Force page
Select Captcha
save options
Log out OK
Log back in OK

Slightly different to my original experience but maybe down to browser cashing,

Ok, But there is something amiss, hope i have provided useful info for you.

John

(also worked out how to include images i hope they are OK)

Hello,

you asked me t share screen shots of this issue, but how do i upload screen shots to the forum please?

John

Sorry forgot to advise all plugin log files are empty

John

Hello,

I carried out the test you requested on another site i have in progress and it uses the same All in one Security plug in but with a limited number of other plugins.

I performed the test you requested using Safari browser as it is easy to clear all history etc, and after several attempts to make sure i had everything sorted and the sequence correct i had the exact same issue as initially described.

I am now going to reinstate my plugins, also let me say that the first site i had this issue on had the Customizr Pro theme and this site has the WP 2016 Theme in use.

let me know if there is anything else i can assist with on this issue

John

Ashley,

Thank You for the comprehensive and detailed response.

John

Hello,

The results i had from the yoursite.com/xmlrpc.php

Were:-

XML-RPC server accepts POST requests only.

Ref my question, I just want to know what you were expecting, more or less ?

but i do appreciate the continued support.

This is my first real WP site and i am not used to this “illegal” activity linked to my web site, maybe this is the norm, when a new site is located they try to break into it if they fail they move on…

So maybe i am not going to get the same level of that type of activity any more.

John

If i do this are you prepared for the results?

John

I have checked the site using the link you provided, thank You for that, it comes up clean except with a warning that there was no Firewall detected, which seems a little odd as i have it fully configured using the All in one Security plugin.

Also, i think i am missing the point here, why should the Hosting company do anything about the number of login attempts? after all i am using your plug in to help me protect against this … i have used the Option to rename the Admin page yet they still appear to be getting around that option, and finding a way to attempt a log in.

Maybe i have misunderstood the purpose of the plug in in this respect….

OK, I had another response form you that asked are my browsers up to date?? yes they are i use Chrome, Firefox and Safari and they are all up to date.

My issue is i do not understand this issue well enough to engage the Host in a useful dialogue, when i engage with them what am i reporting exactly…????

Please try to help me on this.

thanks

John

Hello,

Not sure if this is relevant, but here is what the access log indicated about the failed attempt to login to my site.

86.99.68.40 – – [12/Oct/2016:14:21:04 +0100] “GET /wp-login.php HTTP/1.1” 404 1638 “-” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1”
86.99.68.40 – – [12/Oct/2016:14:21:05 +0100] “POST /wp-login.php HTTP/1.1” 404 1638 “-” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1”
86.99.68.40 – – [12/Oct/2016:14:21:06 +0100] “GET /wp-login.php HTTP/1.1” 404 1638 “-” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1”
86.99.68.40 – – [12/Oct/2016:14:21:06 +0100] “POST /wp-login.php HTTP/1.1” 404 1638 “-” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1”

Your plugin reported this IP making an attempt to login using an nonexistent user

John

Hello,

Errors have started to be logged again.

Login Failed and then the IP is locked out, and this is with a different wp-admin page specified.

John