Title: BEST PRACTICE: Attack
Last modified: August 3, 2019

---

# BEST PRACTICE: Attack

 *  [CamZL1](https://wordpress.org/support/users/danishhaidri/)
 * (@danishhaidri)
 * [6 years, 10 months ago](https://wordpress.org/support/topic/best-practice-attack/)
 * I had 1,494 recorded attempts using different usernames coming from the same 
   IP. Thank god WF blocked them. However how do i prevent this from happening again?
   more importantly how can i prevent this block to activate before 1,494 attempts?
   Is there a control for this?
 * Second part of the question is; is there any body that regulates this? Can we
   report this to someone so others don’t get effected?
    -  This topic was modified 6 years, 10 months ago by [CamZL1](https://wordpress.org/support/users/danishhaidri/).

Viewing 6 replies - 1 through 6 (of 6 total)

 *  [retrochansmith](https://wordpress.org/support/users/retrochansmith/)
 * (@retrochansmith)
 * [6 years, 10 months ago](https://wordpress.org/support/topic/best-practice-attack/#post-11799078)
 * I have been having this too. I am not sure if these are real attacks or just 
   showing up in the list or not. I have a new website that is very small and low
   viewers because it’s new. Not sure what is going on. I even had attacks today.
   It has even shown attacks from the same server localhost.
    -  This reply was modified 6 years, 10 months ago by [retrochansmith](https://wordpress.org/support/users/retrochansmith/).
 *  Thread Starter [CamZL1](https://wordpress.org/support/users/danishhaidri/)
 * (@danishhaidri)
 * [6 years, 10 months ago](https://wordpress.org/support/topic/best-practice-attack/#post-11799285)
 * Hello @Wordfence can you please reply.
 *  Thread Starter [CamZL1](https://wordpress.org/support/users/danishhaidri/)
 * (@danishhaidri)
 * [6 years, 9 months ago](https://wordpress.org/support/topic/best-practice-attack/#post-11804569)
 * CAN ANYONE FROM WORDFENCE ANSWER THE QUESTION!!!!!
 *  [WFGerroald](https://wordpress.org/support/users/wfgerald/)
 * (@wfgerald)
 * [6 years, 9 months ago](https://wordpress.org/support/topic/best-practice-attack/#post-11804982)
 * Hey [@danishhaidri](https://wordpress.org/support/users/danishhaidri/),
 * This sounds like a brute force attack. It also seems like Wordfence is blocking
   them, but it will continue to record the attempts. There’s only so much we can
   do to prevent attacks; it’s more about making sure they aren’t successful, which
   it sounds like Wordfence is doing.
 * Please let me know if you have any other questions.
 * Thanks,
 * Gerroald
 *  Thread Starter [CamZL1](https://wordpress.org/support/users/danishhaidri/)
 * (@danishhaidri)
 * [6 years, 9 months ago](https://wordpress.org/support/topic/best-practice-attack/#post-11806317)
 * [@wfgerald](https://wordpress.org/support/users/wfgerald/) I agree that WF has
   blocked the attack!! However are there any best-practice brute-force settings
   that i can use to ensure that all time-out settings and blocks are correctly 
   configured?
 *  Plugin Support [wfscott](https://wordpress.org/support/users/wfscott/)
 * (@wfscott)
 * [6 years, 8 months ago](https://wordpress.org/support/topic/best-practice-attack/#post-11983577)
 * [@danishhaidri](https://wordpress.org/support/users/danishhaidri/)
 * Sorry for the delay in responses.
 * As far as best practice Brute Force settings, I recommend using strict settings
   in a case like this, such as 3 login attempts, 1 or 2 password resets attempts,
   counted over 1+ hours, and a lockout of 30+ minutes. In the case where there 
   was a high number of attempts like you mentioned, this should thwart these occurrences—
   between the settings, and using a strong password and ideally 2FA.
 * Let us know if you have any other questions.
 * Scott

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘BEST PRACTICE: Attack’ is closed to new replies.

 * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865)
 * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordfence/)
 * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/)

## Tags

 * [attack](https://wordpress.org/support/topic-tag/attack/)

 * 6 replies
 * 4 participants
 * Last reply from: [wfscott](https://wordpress.org/support/users/wfscott/)
 * Last activity: [6 years, 8 months ago](https://wordpress.org/support/topic/best-practice-attack/#post-11983577)
 * Status: not resolved