Title: endless brute force attack Last modified: January 3, 2024 --- # endless brute force attack * Resolved [aibol90](https://wordpress.org/support/users/aibol90/) * (@aibol90) * [2 years, 5 months ago](https://wordpress.org/support/topic/endless-brute-force-attack/) * I enabled protection against brute force attacks by changing the standard login page in the admin panel. I also set up a white list of IP addresses, but still there are records of unsuccessful logins in the log. I tried changing this login address several times, I even tried cookie-based protection, but I still see failed authorization errors in the log. I myself tried to go to the admin page from a different IP address, but it shows a 403 error and I can’t understand how quickly they find the login page and do a brute force Viewing 7 replies - 1 through 7 (of 7 total) * Plugin Support [hjogiupdraftplus](https://wordpress.org/support/users/hjogiupdraftplus/) * (@hjogiupdraftplus) * [2 years, 5 months ago](https://wordpress.org/support/topic/endless-brute-force-attack/#post-17314507) * Hi [@aibol90](https://wordpress.org/support/users/aibol90/), * WP security > Dashbaord > Audit logs have Failed login records you can corss check stack trace to see what is cuasing that filed login. It might be XML RPC call of getUsersBlogs which may creating the Falied login records usign xmlrpc * WP Security > User security > Login lockout tab – Enable login lockout tab with option lockout invalid usernames. * if stop user enumeration not on It might be the reason your admin username exposed– WP Security > Miscellaneous > User enumeration tab check there. * XML RPC call of wp_getUsersBlogs is trying to authenticate the user. – WP Security > Firewall > Basic firewall rules tab > Completely block access to XMLRPC , Disable pingback functionality from XMLRPC Please check both and Save.” - This reply was modified 2 years, 5 months ago by [hjogiupdraftplus](https://wordpress.org/support/users/hjogiupdraftplus/). * Thread Starter [aibol90](https://wordpress.org/support/users/aibol90/) * (@aibol90) * [2 years, 5 months ago](https://wordpress.org/support/topic/endless-brute-force-attack/#post-17314545) * Thanks for the answer! I have blocking enabled for non-existent usernames. I’ll try to enable the Completely block access to XMLRPC option * Plugin Support [hjogiupdraftplus](https://wordpress.org/support/users/hjogiupdraftplus/) * (@hjogiupdraftplus) * [2 years, 5 months ago](https://wordpress.org/support/topic/endless-brute-force-attack/#post-17317211) * Hi [@aibol90](https://wordpress.org/support/users/aibol90/), * Ok, keep me posted if that has solved the issue. * Regards * Thread Starter [aibol90](https://wordpress.org/support/users/aibol90/) * (@aibol90) * [2 years, 5 months ago](https://wordpress.org/support/topic/endless-brute-force-attack/#post-17317261) * Hi! This seems to have solved the problem. There have been no failed login attempts since yesterday. Thanks a lot! * Plugin Support [hjogiupdraftplus](https://wordpress.org/support/users/hjogiupdraftplus/) * (@hjogiupdraftplus) * [2 years, 5 months ago](https://wordpress.org/support/topic/endless-brute-force-attack/#post-17317454) * Hi [@aibol90](https://wordpress.org/support/users/aibol90/) * Glad to know the issue seems solved. * Would you mind writing a quick five-star review on wordpress.org? * [https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/reviews/#new-post](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/reviews/#new-post) * Reviews also help others to make confident decisions about our plugin. * Regards * [WPDogger](https://wordpress.org/support/users/wpdogger/) * (@wpdogger) * [2 years, 4 months ago](https://wordpress.org/support/topic/endless-brute-force-attack/#post-17344138) * I just experienced the exact same problem after doing plugin updates. There were random, multiple attempts to log in using the Display Name, which your plugin successfully blocked. Changing the login address did not stop the attempts. There are calls to getUsersBlogs in the stack trace. I just checked Completely block access to XMLRPC and Disable pingback functionality from XMLRPC, as you recommend. I’ll let you know if the problem is resolved in a few days. Do you know what is causing the XMLRPC calls? Is it WordPress, another plugin, or something external? The IPs for the invalid logins are coming from all over Europe, so they appear to be external calls. * Plugin Support [hjogiupdraftplus](https://wordpress.org/support/users/hjogiupdraftplus/) * (@hjogiupdraftplus) * [2 years, 4 months ago](https://wordpress.org/support/topic/endless-brute-force-attack/#post-17345146) * Hi [@wpdogger](https://wordpress.org/support/users/wpdogger/) *  XMLRPC calls are of WordPress, So it need to be disabled for invalid login attempts by getUserBlogs. * Ok keep me posted * Regards - This reply was modified 2 years, 4 months ago by [hjogiupdraftplus](https://wordpress.org/support/users/hjogiupdraftplus/). Viewing 7 replies - 1 through 7 (of 7 total) The topic ‘endless brute force attack’ is closed to new replies. * ![](https://ps.w.org/all-in-one-wp-security-and-firewall/assets/icon-256x256. png?rev=2798307) * [All-In-One Security (AIOS) – Security and Firewall](https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/) * [Frequently Asked Questions](https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#faq) * [Support Threads](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/) * [Active Topics](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/unresolved/) * [Reviews](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/reviews/) ## Tags * [brute force](https://wordpress.org/support/topic-tag/brute-force/) * 7 replies * 3 participants * Last reply from: [hjogiupdraftplus](https://wordpress.org/support/users/hjogiupdraftplus/) * Last activity: [2 years, 4 months ago](https://wordpress.org/support/topic/endless-brute-force-attack/#post-17345146) * Status: resolved