• Resolved Nora McDougall

    (@nora-mcdougall)


    I am using Ninja Firewall for the first time. I installed it on a site that has been running WordFence for quite a while, but where I’m seeing an unusual amount of activity compared to other sites I work on.

    My question is: at what point do I turn on the brute force attack protection? Here are the stats from the site. Please take into account that it is a very small site with only 2 legitimate users, myself and the site owner.

    1. Since Sept 6, I have archived 1284 lockout emails, which is about 14 per day.
    2. Of these emails, 961 (about 75%) were attempts with the user name ‘admin’.
    3. Since admin doesn’t exist as a user name, they were locked out immediately.

    https://ww.wp.xz.cn/plugins/ninjafirewall/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi,

    Since only 2 persons have access to the dashboard, I would set the protection to “Always ON”. All you will have to do is give the firewall login protection username and password to the owner.
    This also gives you a dual-authentication system, which is a good thing.

    Otherwise, you can select “Yes, if under attack” with its default values, except the “Password-protect it For 5 minutes” which could be increased to 30 min instead.

    The second thing to take into consideration is the xmlrpc.php script, which too can be attacked:
    - If you don’t need it at all (e.g., you do not use JetPack or the WordPress mobile app), you can enable the “Firewall Policies > WordPress XML-RPC API > Block any access to the API” option, and set the login protection to “Always ON” as described above.
    - If you need it, enable the “Firewall Policies > WordPress XML-RPC API > Block only system.multicall method” option. Regarding the “Login Protection” options, enable “Apply the protection to the xmlrpc.php script as well” and set it to “Yes, if under attack” with the default values.
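
    The same two XML-RPC choices described above can also be expressed with WordPress core filters, for a site that is not running NinjaFirewall. This is an added example, not the plugin's own code; it is meant to be dropped into wp-content/mu-plugins/, and the XMLRPC_HARDENING_BLOCK_ALL switch is an assumed name.

```php
<?php
/**
 * Plugin Name: XML-RPC hardening (added example, not NinjaFirewall code)
 * Description: Either refuse all XML-RPC logins, or keep the API and only
 *              drop system.multicall. Install as a must-use plugin.
 */

// Assumption: set to true when XML-RPC is not needed at all
// (no JetPack, no WordPress mobile app).
const XMLRPC_HARDENING_BLOCK_ALL = false;

if ( XMLRPC_HARDENING_BLOCK_ALL ) {
    // Counterpart of "Block any access to the API".
    // Core checks this filter on every XML-RPC login; returning false makes
    // every authenticated method fail with "XML-RPC services are disabled".
    // Note: unlike a firewall rule on xmlrpc.php, the file itself still
    // answers, so unauthenticated methods such as pingback.ping remain reachable.
    add_filter( 'xmlrpc_enabled', '__return_false' );
} else {
    // Counterpart of "Block only system.multicall method".
    // system.multicall bundles many method calls into one HTTP request,
    // which is why it is the one to remove when the API has to stay on.
    add_filter( 'xmlrpc_methods', function ( array $methods ) {
        unset( $methods['system.multicall'] );
        return $methods;
    } );
}
```

    Either way, the login attempts against xmlrpc.php should still be covered by the login protection settings above; these filters only reduce what the endpoint will do.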

    Thread Starter Nora McDougall

    (@nora-mcdougall)

    WOW! That is an amazingly complete answer! I will have to say something nice about it on Facebook.

    My sites need JetPack like I need 27 cats – nothing against cats, but I have allergies.

    My client is computer-uncomfortable, so I will have to introduce the idea of dual-authentication gently.

    Wendihihihi

    (@wendihihihi)

    @nintechnet Very helpful. Thank you.


The topic ‘Defining "Brute Force Attack"’ is closed to new replies.