How do you know they are fake attempts? Have you cross referenced the IP addresses to confirm this? Limit Login attempts has been around for 5+ years so they would be exposed if they were engaging in this practice. Also, tell me a plugin that doesn’t try to sell you their upgraded version, it’s just how software works.
Plugin Author
WPChef
(@wpchefgadget)
Where’s your evidence? It’s easy to complain w/o the evidence. But our plugin only protects the login pages and doesn’t do anything for regular ones.
I renamed wp-login.php to something entirely different with a different extension. I left it like that for at least a week. I keep getting spammed with notifications of failed login attempts.
Today I renamed the file to the original, logged-in immediately and saw on the dashboard that I had 5 failed login attempts today.
So, this is quite concerning and I have decided to uninstall the plug-in. It feels like the vendor is using fear tactics to sell.
Unless somebody can explain how bots going after known entry points can attempt a login that would get detected by this plugin even when the entry point is no longer available, I’m certainly not going to recommend this plugin.
Plugin Author
WPChef
(@wpchefgadget)
You should read this article and don’t forget that you also have xmlrpc.php file that brute force scripts.
