Title: Brute force attacks dramatically reduced Last modified: March 24, 2021 --- # Brute force attacks dramatically reduced * Resolved [Attila](https://wordpress.org/support/users/titala/) * (@titala) * [5 years, 2 months ago](https://wordpress.org/support/topic/brute-force-attacks-dramatically-reduced/) * Hi, * The number of [brute force attacks](https://drive.google.com/file/d/11_JMdxs0jGaLSYIRaLKg5APl3uuQouUJ/view?usp=sharing) has been dramatically reduced. There is nothing wrong with it but I’d like to be sure that still everything is working fine concerning Wordfence. * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fbrute-force-attacks-dramatically-reduced%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 13 replies - 1 through 13 (of 13 total) * Plugin Support [WFAdam](https://wordpress.org/support/users/wfadam/) * (@wfadam) * [5 years, 2 months ago](https://wordpress.org/support/topic/brute-force-attacks-dramatically-reduced/#post-14231037) * Hello [@titala](https://wordpress.org/support/users/titala/) and thanks for reaching out to us! * It’s sad that when we stop getting attacked, were almost more suspicious than when we do. I get your point! 🙂 * The best thing to test here would be to visit your Wordfence > Tools > Live Traffic page and make sure you’re still seeing hits to your site, possibly test via another browser while you watch it. Try to access pages like wp-admin to see the security hits. Its possibly the Live Traffic portion of the database has crashed. * Let me know what you find! * Thanks again! * Thread Starter [Attila](https://wordpress.org/support/users/titala/) * (@titala) * [5 years, 2 months ago](https://wordpress.org/support/topic/brute-force-attacks-dramatically-reduced/#post-14235219) * Hi [@wfadam](https://wordpress.org/support/users/wfadam/) * Some background information: I only use Brute force protection (and login security). WAF and SCAN is switched off because of the incompatibility with the Hosting system (The Hosting partner is providing these services) * I switched Traffic logging to All traffic and quite some suspicious entries have been reported but not blocked while accessing the /wp-login page. * Some examples: [https://www.abuseipdb.com/check/66.55.76.17](https://www.abuseipdb.com/check/66.55.76.17) [https://www.abuseipdb.com/check/118.67.248.50](https://www.abuseipdb.com/check/118.67.248.50) [https://www.abuseipdb.com/check/217.160.130.107](https://www.abuseipdb.com/check/217.160.130.107)…. * So I have the strong feeling something is not OK. How could we further investigate this? * Plugin Support [WFAdam](https://wordpress.org/support/users/wfadam/) * (@wfadam) * [5 years, 2 months ago](https://wordpress.org/support/topic/brute-force-attacks-dramatically-reduced/#post-14235334) * Thanks for providing that information! * These would be blocked by premium protection due to the Real-Time IP Blocklist but might not be blocked in the free version unless they are doing something malicious. For those hits on the wp-login by those IPs, are they attempting any logins of any sort of just probing for the login page? * Just to double-check everything seems to be in order, could you also send in a diagnostic? * Can you send a diagnostic report to **wftest @ wordfence . com**? You can find the link to do so at the top of the **Wordfence Tools > Diagnostics** page. Then click on **“Send Report by Email”**. Please add your forum username where indicated and _respond here after you have sent it._ * Thanks again! * Thread Starter [Attila](https://wordpress.org/support/users/titala/) * (@titala) * [5 years, 2 months ago](https://wordpress.org/support/topic/brute-force-attacks-dramatically-reduced/#post-14236160) * Diagnostics has been sent. * These IPs do not attempt to login. * Thanks for your help! * Plugin Support [WFAdam](https://wordpress.org/support/users/wfadam/) * (@wfadam) * [5 years, 2 months ago](https://wordpress.org/support/topic/brute-force-attacks-dramatically-reduced/#post-14240057) * It looks like you might have some overdue cron jobs that aren’t working. I recommend downloading and installing **WP Crontrol**([https://wordpress.org/plugins/wp-crontrol/](https://wordpress.org/plugins/wp-crontrol/)). * You can delete any wordfence related cron jobs that currently aren’t working, then deactivate Wordfence and enable it again to repopulate the cron jobs. * Here is a list of the Wordfence cron jobs you will want to observe: - wordfence_ls_ntp_cron - wordfence_hourly_cron - wordfence_daily_cron - wordfence_start_scheduled_scan - wordfence_email_activity_report * Let me know if you have any questions! Resend the diagnostic once you have corrected these! * Thanks again! * Thread Starter [Attila](https://wordpress.org/support/users/titala/) * (@titala) * [5 years, 2 months ago](https://wordpress.org/support/topic/brute-force-attacks-dramatically-reduced/#post-14240354) * Actually the only thing I see that wordfence_start_scheduled_scan [does not exists](https://drive.google.com/file/d/1wma_73m2-MtPiDOKoLl2mjFYxA19FP97/view?usp=sharing) * Thread Starter [Attila](https://wordpress.org/support/users/titala/) * (@titala) * [5 years, 2 months ago](https://wordpress.org/support/topic/brute-force-attacks-dramatically-reduced/#post-14240522) * Unfortunately the situation is not so nice. After deleting the jobs and restart there are quite some [issues](https://drive.google.com/file/d/1Pw1rTJyJHH6et8kZmeKGsbklcURkRCvr/view?usp=sharing). * Diagnostic has been sent. * Plugin Support [WFAdam](https://wordpress.org/support/users/wfadam/) * (@wfadam) * [5 years, 2 months ago](https://wordpress.org/support/topic/brute-force-attacks-dramatically-reduced/#post-14240596) * The crons looks to be resolved, though enough time hasn’t gone by to know that for sure. * It might be best to reinstall Wordfence, just to make sure the database is working properly as well. * You can backup your Wordfence settings via the Export option. Navigate to **Wordfence > Tools > Import/Export Options** and click **Export**. You can also take note of the current Whitelisted URLs you have in **Wordfence > Firewall > All Firewall Options > Whitelisted URLs** as these are _NOT_ included in the Import/Export, and will be lost during the re-install. Here is what is exported: [https://www.wordfence.com/help/tools/import-export/](https://www.wordfence.com/help/tools/import-export/) During the export, you will be given a long string of text. Keep this safe, you’ll need it in a few minutes. * After that, enable the option to Delete Wordfence tables and data on deactivation in **All Options > General Wordfence Options**. You will want to remember to disable this after you reinstall Wordfence again. * After you enable that option, you can deactivate Wordfence from the Plugins area of your site, then delete it. Next, from the plugins area, search for and re- install Wordfence like normal. * It will be like setting Wordfence up for the first time. You will need to enter an email address, and then go into **Tools > Import/Export Options** and paste that string of text into the Import Wordfence Options field and click the button there. * The firewall will be in **Learning Mode** by default for 7 days. I would recommend switching this to **Enabled and Protected** as soon as possible. * Let’s see what this does! * Thanks again! * Thread Starter [Attila](https://wordpress.org/support/users/titala/) * (@titala) * [5 years, 2 months ago](https://wordpress.org/support/topic/brute-force-attacks-dramatically-reduced/#post-14242779) * How about Login Security and the 2FA other users? Will it be also exported and imported back incl. the existing codes? * Plugin Support [WFAdam](https://wordpress.org/support/users/wfadam/) * (@wfadam) * [5 years, 2 months ago](https://wordpress.org/support/topic/brute-force-attacks-dramatically-reduced/#post-14250915) * This will knock out all of the current 2FA codes in the database and they will need to be set back up again. * Do you have a large userbase on your site in which this would affect a lot of people? * Thanks again! * Thread Starter [Attila](https://wordpress.org/support/users/titala/) * (@titala) * [5 years, 2 months ago](https://wordpress.org/support/topic/brute-force-attacks-dramatically-reduced/#post-14251172) * Only one, but she is a sensitive one (my daughter :)) * Plugin Support [WFAdam](https://wordpress.org/support/users/wfadam/) * (@wfadam) * [5 years, 2 months ago](https://wordpress.org/support/topic/brute-force-attacks-dramatically-reduced/#post-14255922) * Oh! haha! I was worried you had 30+ users with 2FA enabled. * Your issue actually sparked an idea for me to add as a feature request in with our Dev Team. A way to delete the tables but back up all 2FA codes and add them back once the reinstall is over. So I thank you for sparking that idea! * How did the process go? Thanks again! * Thread Starter [Attila](https://wordpress.org/support/users/titala/) * (@titala) * [5 years, 2 months ago](https://wordpress.org/support/topic/brute-force-attacks-dramatically-reduced/#post-14302333) * I did not reinstall the plugin yet but normal “attack activity” returned. I’m happy to support you with good ideas 🙂 Viewing 13 replies - 1 through 13 (of 13 total) The topic ‘Brute force attacks dramatically reduced’ is closed to new replies. * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865) * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/) * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq) * [Support Threads](https://wordpress.org/support/plugin/wordfence/) * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/) * 13 replies * 2 participants * Last reply from: [Attila](https://wordpress.org/support/users/titala/) * Last activity: [5 years, 2 months ago](https://wordpress.org/support/topic/brute-force-attacks-dramatically-reduced/#post-14302333) * Status: resolved