Plugin Author
Paul
(@paultgoodchild)
When you say it didn’t prevent the attack, how exactly do you mean?
I think there is a misunderstanding of the nature of such an attack, and what this plugin is capable of doing.
You can’t prevent web requests to your site. It’s impossible. But you can mitigate the effect that brute force attacks can have. My guess is that the attack didn’t actually get logged into your site?
I would call that a success and a job well done.
This plugin is designed to mitigate the attack, not prevent it – since you can’t prevent it.
To help prevent it, discuss this with your host, and/or use a Web application firewall such as CloudFlare:
https://www.icontrolwp.com/2012/08/cloudflare-boost-wordpress-security-performance/
OK, that makes sense. What I see in the logs is a series of POSTs from the same IP to wp-login.php, each returning an HTTP error code (initially 503, then 301). So I guess that’s what it’s supposed to do, right?
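The log pattern described in the post above (a run of POSTs from one IP to wp-login.php, with the status changing from 503 to 301) can be summarised per IP with a short script. This is an added example, not part of the thread or the plugin's code; it assumes Combined Log Format access logs, and the function name, the threshold and the set of "blocked" status codes are hypothetical choices.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Status codes mentioned in the thread for handled requests (assumption:
# any other status means the request was not answered by the block/redirect).
BLOCKED = {500, 503, 301}

def summarize_login_posts(lines, threshold=3, blocked=BLOCKED):
    """Return {ip: {"count", "sequence", "not_blocked"}} for every IP with
    at least `threshold` POSTs to wp-login.php."""
    per_ip = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Ignore any query string when matching the login endpoint.
        if not m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            continue
        per_ip[m["ip"]].append(int(m["status"]))
    report = {}
    for ip, statuses in per_ip.items():
        if len(statuses) < threshold:
            continue
        # Collapse runs so 503,503,301,301 reads as [503, 301].
        sequence = [s for i, s in enumerate(statuses) if i == 0 or s != statuses[i - 1]]
        report[ip] = {
            "count": len(statuses),
            "sequence": sequence,
            "not_blocked": sum(1 for s in statuses if s not in blocked),
        }
    return report

# Constructed sample lines (documentation IP ranges), not taken from the thread.
SAMPLE = [
    '203.0.113.7 - - [10/Mar/2015:02:14:01 +0000] "POST /wp-login.php HTTP/1.1" 503 512 "-" "-"',
    '203.0.113.7 - - [10/Mar/2015:02:14:02 +0000] "POST /wp-login.php HTTP/1.1" 503 512 "-" "-"',
    '198.51.100.20 - - [10/Mar/2015:02:14:03 +0000] "GET /wp-login.php HTTP/1.1" 200 2901 "-" "-"',
    '198.51.100.20 - - [10/Mar/2015:02:14:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"',
    '203.0.113.7 - - [10/Mar/2015:02:14:10 +0000] "POST /wp-login.php HTTP/1.1" 301 0 "-" "-"',
    '203.0.113.7 - - [10/Mar/2015:02:14:11 +0000] "POST /wp-login.php HTTP/1.1" 301 0 "-" "-"',
]

if __name__ == "__main__":
    print(summarize_login_posts(SAMPLE))
```

A non-zero `not_blocked` count for a high-volume IP is the entry worth reviewing, since those requests received something other than the block or redirect responses.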
Plugin Author
Paul
(@paultgoodchild)
That would make sense… eventually the plugin started redirecting. If you had the IP auto black list enabled it would’ve consistently returned a 500 error.
Hmm, I did have auto black list enabled. Never saw a 500. But this happened overnight and the blacklist is set to expire every hour, so I can’t check if the IP was there.
Plugin Author
Paul
(@paultgoodchild)
How many black marks do you have it set to?