jp5633

Thanks for helping me with this Mark. I really appreciate it.

I do trust that Wordfence is blocking brute force attacks. But I am pretty sure hackers know when I sign in and I would like to fix whatever means they are using. Here is how I know.

The first thing I do when I sign in is go to Wordfence/Blocking. I have dozens and dozens of permanent blocks against URL’s that have attacked.

But it is the NEW URL’s that concern me. New ones ONLY appear when I log in. If I don’t log in for two days there are no NEW URLs that have been flagged by Wordfence Blocking. for those two days. But When I sign in there are Always new ones that appear with time stamps that match when I signed in.

Do you see my concern? They know when I sign in and I would like to know where to look to find the flaw.

Regards,

John

• This reply was modified 1 year, 2 months ago by jp5633.

By the way Mark,

I sign in using C-Panel/Softaculous/Worpress Manager which is automatic. I don’t need the very lengthy password which is blocking everyone else.

John

Hi Mark,

Thanks for the reply. Under live traffic I see the entries. They vary from those attempts ending in wp-login.php to xmlrpc.php. Almost all are Human. Some are Blocked by Wordfence Security Network and some are Blocked for Manual Block by Administrator. The later are from the fact that all of the new URLs listed under Blocking I make the block Permanent.

I made the login failure ‘3’ a few months ago, but thanks for the suggestion.

Several times attackers tried Password Recovery Method to get in, but were blocked (mostly from using “admin”, but if they try that with the correct User name (which many of them appear to know) can they get a new password and get in?

Thanks,

John