Multple failed login attempts to admin


452 posts

Ultimate Geek

Subscriber

# 261889 20-Dec-2019 00:18
So now I am getting loads of failed login attempts to the website with someone using the login of admin

 

I have changed the login name so its not admin but someone is trying to login every few minutes and they are all from different IP address.

 

I have now turned on the security feature to lockout all usernames that don't exist in the system.

 

There is an option to rename the login URL. Has anyone tried that, and will that stop robots (assuming its that) that keeps trying to login to my website.

 

Thanks

 

 

409 posts

Ultimate Geek


  # 2378873 20-Dec-2019 01:11
have you tried some thing like 

 

fail2ban ?

Webhead
2329 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 2378875 20-Dec-2019 01:22
People trying to log in to your WordPress site is just a fact of life.

 

Two things you can do:

 

1) Make sure all passwords are strong.

 

2) Add 2-factor authentication, like Duo Security or Google Authenticator.




452 posts

Ultimate Geek

Subscriber

  # 2378889 20-Dec-2019 01:36
Thanks

 

 

15456 posts

Uber Geek

Trusted
Subscriber

  # 2378934 20-Dec-2019 05:53
Yeah attempts to login are near constant. A different username, a strong password, at least robot detection (Google) or MFA if you can get it implemented, and fail2ban are ideal.

 

I configure Fail2Ban to update the CloudFlare firewall to prevent people even reaching the website, like this article says ( https://guides.wp-bullet.com/integrate-fail2ban-cloudflare-api-v4-guide/ ). The key here is you have to prevent any IPs other than CloudFlare and perhaps your own IP getting direct to the server. I do this in AWS with a security group, so requests don't reach the server, but IPTables is ok as well. If you try this and have any trouble drop me a message, I vaguely recall tweaking something and could give you my configuration.

xpd

Chief Trash Bandit
10186 posts

Uber Geek

Mod Emeritus
Trusted
Lifetime subscriber

  # 2378955 20-Dec-2019 07:48
For WP, I use this - works a treat :)

 

 

 

https://wordpress.org/plugins/ip2location-country-blocker/

 

 

 

 




