zm11011

Hi.

Because I left few questions on the ticket but I didn’t get a reply.

Now I got a reply, thank you.

Hi.

Yes, I could use “lock invalid usernames” but they are not good as real customer can make mistake easily.

Also even If they got blocked with that they are blocked but it is also being logged as well for xmlrpc types of attack.

On my websites, most of attacks are using XMLRPC, sometimes it uses same IPs but so many login requests in very short time. some other cases are trying same user name but different location which I mentioned above.

I think none of security plug-in can block XMLRPC without disabling XMLRPC at the moment.

This is very hard.

Hi.

Thanks for the answer.

I don’t want to set up allow unlock requests as customer can complain about that even with one typing mistake.

On my websites, most of attacks are using XMLRPC, sometimes it uses same IPs but so many login requests in very short time. some other cases are trying same user name but different location which I mentioned above.

I think none of security plug-in can block XMLRPC without disabling XMLRPC at the moment.

Maybe blocking the certain username would help if someone is trying to log-in with same username for many times.

Anyway thanks for the help.

Lee

Hi.

I do want to enable that as real user can make mistake username.

So there no way to block this other than disabling xmlrpc?

Thank you.

Lee

Hi.

Thanks for the answer.

but does disabling XML-RPG broke things such as jetpack plugin and other mobile APP?

is there any other way to solve this?

Hi.

I don’t use any APP, just using smartphone browser, and my website is woocommerce website.

is there any harm to website functionality or customer use other than Using APP?

Thank you.

Hi.

Yes, I can see those try from my website https://www.winebox.co.nz/xmlrpc.php

Okay, it says NOTE: You should only enable this feature if you are not currently using the XML-RPC functionality on your WordPress installation.

But I don’t know what whether if my site is using XML-RPC functionality currently or not.

Is there any tip to check it?

I think It’s because they try to log-in my front-end page which is customer log-in, not admin page?

I checked Brute Force Prevention. but there are still log-in try with username of admin from random different locations.

I updated ticket on wordfence.com, but no reply since I updated it yesterday.

Hi.

I just replied it with email, anyway I will make reply on wordfence.com again.

Hi.

Just emailed you. Thank you.

*I never got alert emails.

It blocked when I did few tests, but it didn’t send me any alert emails.
I could see on blocked list, but I got alert email.

Okay. I was waiting for their reply, but it takes so long.