Multisite brute force attacks not being blocked

  • Resolved Mary

    (@trekvisual)


    12 years ago

    Hiya!

    I’ve been running Wordfence on one of my multisites, decided to take advantage of the options “Immediately lock out invalid usernames” and “Immediately block the IP of users who try to sign in as these usernames”. Unfortunately, neither of these options seems to be working for me. I am getting hit with brute force attacks on one site or another, daily.

    The plugin is network activated.
    I have checked “Immediately lock out invalid usernames”.
    I added admin and other user names, separated by a comma in “Immediately block the IP of users who try to sign in as these usernames”. (I also tried checking one option without the other to see if one of the options were what was breaking the plugin, but no love there.)
    I am getting ‘admin’ login attempts, as well as a couple of other site-specific username attempts.

    Can you help me troubleshoot why it doesn’t seem to be blocking attacks?

    https://ww.wp.xz.cn/plugins/wordfence/

Viewing 5 replies - 1 through 5 (of 5 total)
  • ramonjosegn

    (@ramonjosegn)

    12 years ago

    Hello Mary

    I like me recommend this plugin which has been very effective for me working with Wordfence and avoid problems how bruteck attack, there is a aditional “password” with image protection (username + password + you need “paint” over a image)

    I like me you testing
    http://ww.wp.xz.cn/plugins/wp-admin-graphic-password/

    Plugin Author Mark Maunder

    (@mmaunder)

    12 years ago

    Hi Mary,

    Do you have the firewall enabled? It’s a checkbox at the top of the Wordfence options page.

    Regards,

    Mark.

    Thread Starter Mary

    (@trekvisual)

    12 years ago

    @ramonjosegn, thanks for that, I my look into implementing that also.

    Mark, thanks for your quick reply. I do have the firewall and ‘Enable login security’ both checked. I’m not sure if I can share a screenshot here, but here’s a link to my options page.

    Plugin Author Mark Maunder

    (@mmaunder)

    11 years, 12 months ago

    Thanks Mary, I’ve filed a bug against this and we’ll run some tests on this end to see if there’s a problem and I’ll try to update this post.

    Regards,

    Mark.

    Thread Starter Mary

    (@trekvisual)

    11 years, 12 months ago

    Thanks Mark, I’ll hope for an update. If there’s anything I can do, I’d be happy to help, just let me know.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Multisite brute force attacks not being blocked’ is closed to new replies.