Title: Dealing with a brute force attack Last modified: August 24, 2016 --- # Dealing with a brute force attack * Resolved [mbnoimi](https://wordpress.org/support/users/mbnoimi/) * (@mbnoimi) * [11 years, 1 month ago](https://wordpress.org/support/topic/brute-attack/) * Hi, * Although I’m using a secured WordPress control panel (through HTTPS) in addition to using the following WordPress plugins my blog I noticed that my website is being attacked (some robot register new users and login too). May you please help to fix this issue? - Akismet - BruteProtect - Limit Login Attempts - SI CAPTCHA Anti-Spam: The robot somehow bypass the captcha in the registration form - Wordfence Security: The scan result doesn’t show any suspicion behavior and the scanner shows identical content with WordPress repository of plugins/themes. - WordPress HTTPS * NOTE: - I’m using a strong admin password and I force the users to use a strong passwords too. - I changed my admin password many times (Wordfence Security says that I’m the only admin logging-in) - All the new users (generated by the robot) has **subscriber** role (as I configured my WP) Viewing 4 replies - 1 through 4 (of 4 total) * [barnez](https://wordpress.org/support/users/pidengmor/) * (@pidengmor) * [11 years, 1 month ago](https://wordpress.org/support/topic/brute-attack/#post-5980957) * You could try adding a honeypot to the registration page to put the brakes on the phoney registrations: [https://wordpress.org/plugins/registration-honeypot/](https://wordpress.org/plugins/registration-honeypot/) * There is also the [5G Blacklist](http://perishablepress.com/5g-blacklist-2013/) by Perishable Press (`.htacess`rules) which is stable and robust. * Other than than you may need to wait it out as it seems like your security measures are pretty locked down. * Thread Starter [mbnoimi](https://wordpress.org/support/users/mbnoimi/) * (@mbnoimi) * [11 years, 1 month ago](https://wordpress.org/support/topic/brute-attack/#post-5980968) * > You could try adding a honeypot to the registration page to put the brakes > on the phoney registrations * Thank you, I installed it and it seems work till now. Any way I’ll wait till tomorrow to be sure this attack is practically prevented. * [barnez](https://wordpress.org/support/users/pidengmor/) * (@pidengmor) * [11 years, 1 month ago](https://wordpress.org/support/topic/brute-attack/#post-5980971) * Glad to hear that the honeypot has helped, though you’re right to give it more time to fully evaluate if it has permanently prevented these automated bogus subscribers. * Thread Starter [mbnoimi](https://wordpress.org/support/users/mbnoimi/) * (@mbnoimi) * [11 years, 1 month ago](https://wordpress.org/support/topic/brute-attack/#post-5981166) * Thanks @barnez, * [Registration honeypot](https://wordpress.org/plugins/registration-honeypot/) Fix this issue. Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘Dealing with a brute force attack’ is closed to new replies. ## Tags * [attack](https://wordpress.org/support/topic-tag/attack/) * [Brute](https://wordpress.org/support/topic-tag/brute/) * [Registration](https://wordpress.org/support/topic-tag/registration/) * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 4 replies * 2 participants * Last reply from: [mbnoimi](https://wordpress.org/support/users/mbnoimi/) * Last activity: [11 years, 1 month ago](https://wordpress.org/support/topic/brute-attack/#post-5981166) * Status: resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics