Brute force?

  • Resolved toofargone

    (@toofargone)


    9 years, 10 months ago

    Hi,

    I’m using loginizer on my blog and i’ve got an issue with the brute force logging. I’ve disabled passwords on my site and i’m using Clef. I’ve also password protected wp-login.php vita .htaccess and yet I still see IP’s showing up in my brute force log.

    a) how can people brute force attack a site with wp-login.php password protected via .htaccess and .htpaswd?
    b) how can people then brute force when passwords are disabled?

    I don’t really understand how it’s possible. I am probably missing something but if you can point me in the right direction?

    https://ww.wp.xz.cn/plugins/loginizer/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter toofargone

    (@toofargone)

    9 years, 10 months ago

    Edit: I should also say these attempts aren’t being logged in the server logs either?

    Plugin Contributor loginizer

    (@loginizer)

    9 years, 9 months ago

    >> a) how can people brute force attack a site with wp-login.php password protected via .htaccess and .htpaswd?

    A regular login is also treated as an attempt. The IPs are logged for those.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Brute force?’ is closed to new replies.