Block IP for Brute Force to WordPress

A

arazit

Verified User
Joined
Aug 20, 2008
Messages
184
Hello,
Brute Force attack IP's to wordpress could not be sent to Blacklist IPs.
For example I set:
Blacklist IPs for excessive DA login attempts 150 login attempts.
Notify Admins after an IP has 152 login failures on any account.
Notify Admins after a User has 152 login failures from any IP.
Scan for WordPress attacks All Logs.

I set auto block IP for brute force but now I get Brute Force attack massage in massage system.
Please check it.
Thank you
 
Why do you think or how do you know that offending IPs (which are attacking wordpress) could not be sent to Blacklist IPs? Is it because you don't get emails from CSF/LFD? IF so then CSF/LFD won't alert/notify you about this. Or you have another reasons?
 
zEitEr said:
Why do you think or how do you know that offending IPs (which are attacking wordpress) could not be sent to Blacklist IPs? Is it because you don't get emails from CSF/LFD? IF so then CSF/LFD won't alert/notify you about this. Or you have another reasons?
Click to expand...

Hello,
I set in
Blacklist IPs for excessive DA login attempts 150 login attempts and Notify Admins in bigger than 150 and I set it to 152 or 200 in this case should be I don't receive any massage for brute force attack in massage system and must be blocked IP but I receive brute force attack massage in massage system and IP has not been sent to csf and has not been blocked in csf.
After that I check brute force attacks in directadmin and check type attacks from this IPs and see wordpress attack.
Thank you
 
Check out the "Login Lockdown" plugin or something similar to it. Not as resource efficient as the firewall blocking, but it works fine.

Also - not a bad idea to password protect your wp-admin folder with .htaccess/.htpasswd
 
You must log in or register to reply here.
Back
Top