Title: Brute Attacks Issue Last modified: April 3, 2021 --- # Brute Attacks Issue * [maria.constance](https://wordpress.org/support/users/mariaconstance/) * (@mariaconstance) * [5 years, 2 months ago](https://wordpress.org/support/topic/brute-attacks-issue/) * Hi, Our website has been receiving Brute Attacks and it will not stop. It’s been more than a month now and the attacks will not stop. We have changed the long in ULR, we are using Captcha, we’ve put a limit to failed login attempts. We even put the site to maintenance mode to see if the attacks will stop but nothing chanced. The only thing we have managed, is to block who’s trying for a few days through the worldfence free version plug in, but once the block period is over the attacks are back. The weird thing about this is, that the website was not even ready or published to gain any attention, as we were still constructing it when the attacks started. In any case how can we stop this attacks? and is there a way to find out who’s behind them? Thank you! * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fbrute-attacks-issue%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 5 replies - 1 through 5 (of 5 total) * Moderator [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/) * (@sterndata) * Volunteer Forum Moderator * [5 years, 2 months ago](https://wordpress.org/support/topic/brute-attacks-issue/#post-14273418) * You can track the IP addresses, but they’ll change over time. If you can access a way to block IP addresses via CPanel, do it there rather than inside WordFence, as that stops the requests from ever reaching WordPress. * Thread Starter [maria.constance](https://wordpress.org/support/users/mariaconstance/) * (@mariaconstance) * [5 years, 2 months ago](https://wordpress.org/support/topic/brute-attacks-issue/#post-14273583) * Hi, Thanks for the response!But whoever is attacking our site must be using fake ip addresses because even though each attack shows a different ip the user is blocked! For example the ip might show that the user is from UK and gets blocked for 2 days and for those 2 days nothing happens. The 3rd day we get attacked again but from a “different” ip which also gets blocked for 2 days and the same story goes again and again, each time from a different ip but each time it gets us 48 hours free from attacks! Is there a way to find the real ip address of the attacker? And how do they manage to find our log in ulr or usernames? Which we constantly change? Thanks * Moderator [bcworkz](https://wordpress.org/support/users/bcworkz/) * (@bcworkz) * [5 years, 2 months ago](https://wordpress.org/support/topic/brute-attacks-issue/#post-14275280) * The IPs are real, the HTTP (underlying TCP actually) protocol requires it. However, the real IP may be that of a proxy or load balancer. There’s no reliable way to learn the actual machine’s IP that’s behind a proxy. There are a couple defined ways, but they can be easily spoofed. * Brute force attacks commonly come from a “bot army”, a large group of hijacked computers with central command and control. Thus you get coordinated attacks from a wide range of IP addresses. You’ve already limited login attempts. You can permanently block problem IPs like Steven mentioned. Sadly, such attacks are a fact of having a web presence. Your best action is to diminish their effectiveness with good security measures, including good strong passwords. * The only reliable way to completely prevent such attacks is to not have a web presence at all. I’m afraid attacks come with the territory. * Thread Starter [maria.constance](https://wordpress.org/support/users/mariaconstance/) * (@mariaconstance) * [5 years, 2 months ago](https://wordpress.org/support/topic/brute-attacks-issue/#post-14305139) * Hi, They should be proxy. About who is behind the attacks I might have an idea. As I said the website is new and it hasn’t be launched yet. A couple of months ago someone used music that we own illegally and we took it down. After that he contacted us to apologised and asked if we had our own websites. Upon reply, we mentioned the new site and a couple of days after that the attacks started. The time line of the attacks matches his whereabouts. So he might be behind all this. What really troubles me though, is how do they find the log in ULR and the Admin User name since we have changed them a few times until now. We are also using reCAPTCHA. Thank you so much for the reply! * Moderator [bcworkz](https://wordpress.org/support/users/bcworkz/) * (@bcworkz) * [5 years, 2 months ago](https://wordpress.org/support/topic/brute-attacks-issue/#post-14308064) * Suspicion and proof are very different things. If you have actual proof, there may be some legal recourse. You would then need real legal advice, which is not available here. But I’m sorry you’re being harassed. Harassment is a terrible thing. * Double check that any log files are above any public folders and thus inaccessible from outside. WP can conceivably leak usernames (theme dependent), they are not considered sensitive information. If the account is protected with a good strong password, knowing the username offers little advantage. I recommend using a less privileged account for day to day activities like writing blog posts. Only use the admin account when necessary to do admin things like installing plugins or similar. * You’ve already taken reasonable security measures. You might review [https://wordpress.org/support/article/hardening-wordpress/](https://wordpress.org/support/article/hardening-wordpress/) for some other possible security measures you could implement. Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘Brute Attacks Issue’ is closed to new replies. * In: [Developing with WordPress](https://wordpress.org/support/forum/wp-advanced/) * 5 replies * 3 participants * Last reply from: [bcworkz](https://wordpress.org/support/users/bcworkz/) * Last activity: [5 years, 2 months ago](https://wordpress.org/support/topic/brute-attacks-issue/#post-14308064) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics