pierregielen
Forum Replies Created
Thank you,
I have followed your advice and completely disabled XMLRPC. Hopefully this will bring the number of brute force attempts down.
In the trace of the illegal login attempts I can see they are indeed using “blogger_getUsersBlogs” via class-wp-xmlrpc-server.php, but also via class-IXR-server.php.
Thanks for your answer,
Indeed, xmlrpc has been disabled by the latest update. It’s not a very good idea to let an update of a security plugin open the gates to hackers. However, I have enabled it again manually. Let’s see if the attacks will stop now in the coming hours.
I will take a look at the improved user enumeration plugin as well.
The problem was solved by our hosting company which commented out a line in the .htaccess file that caused the error:
#TLINKS_START
Don’t know who placed it there. Does it ring a bell?
I think that there is a closing bracket } missing after the return ‘1000’;
Thank you! It now seems that the database filled up so quickly because of a DDOS attack, causing 1.5 million 404 messages in one day by only a handful of IP addresses.
I think it would be great if All In One Security could detect such an attack and limit the number of 404 lines itself to a number defined in the settings, without having to change a php file.
Maybe a commercial add-on to make this work in Page Builders or classic editors would be an idea. I’d buy it!
(obsolete)
- This reply was modified 4 years, 11 months ago by pierregielen.
I have deactivated all other plugins for testing, and left the From Name blank. This did not help. My site handles requests for exporting personal data (a GDPR function of WordPress) correctly by sending e-mails, so I guess the wp_mail() function works also. I liked the idea behind Download after E-mail, but this way, I cannot use it.
These few plugins are active on my site at the moment. Are any of them incompatible with Download after Email?
GTranslate
Limit Login Attempts Reloaded
Mediamatic Lite
Orbit Fox Companion (and from these Policy Notice, Safe Updates, Hestia Enhancements, Analytics integration, Uptime monitor, Gutenberg Blocks, Social Sharing Module)
Really Simple SSL
Theme My Login
UpdraftPlus – Backup/Restore
WPBruiser
Yoast SEO