Help I'm Under Attack
-
I am getting slews of messages every few minutes that someone has been locked out of my account for trying to guess my password. I have changed the security setting to LOCK DOWN. Is there a brute force setting to change the /wp-login.php to something else entirely like Sucuri does? I can’t seem to find it in Wordfence.
Would appreciate it if anyone has advice for how to set Wordfence to get this to stop altogether. I am permanently blocking all IPs that have been temporarily locked out.
All of the IPs seem to be coming from Russia and email notifications are 1 minute apart.
Wordfence seems to be locking them out, but how do I get them to stop? What can I do? Can I change the log in area so they stop going there? Thanks!
-
There is not currently a way to rename wp-login.php in Wordfence, but it may be added in the future. Often, you can’t stop the bots even by renaming it, and they’ll just hit your site’s 404 page instead of getting locked out, but still using your server resources. (Unfortunately, once a bot finds that your site runs WordPress, they often won’t let up, ever! It’s almost like trying to get all companies to stop sending you physical junk mail.)
If you want to stop the email overload, but still get notices when the attacks are starting, you can set “Maximum email alerts to send per hour” in the Wordfence options to 5 or so, just so you won’t get a new email for every IP that is blocked.
Hi WFMattR
My website has been under attack for 3 days now from Russia, Ukraine and now from Brazil with a similar time gap of 1 minute between attempts.
Thankfully Wordfence is blocking them and I’m wondering is this a global thing or just limited to one or two select websites.
If you head over to wordfence.com you can scroll down to a map that updates in real time and shows attacks. Currently there are 13,418 attempts every minute according to participants in the Wordfence security network. So, it’s probably not targeted at you, @vshukla, as much as business as usual for the bot scripts out there.
@antiaging1 I would look at possibly changing your username. Make sure your display name isn’t set to the login name, etc. It’s obvious either the script or a human has found it and is trying to find a way in. There are several methods of hooking up two factor authentication which requires they have your cell phone in addition to your username and password to actually access your site which would probably give you a little more peace of mind. We have one included with the premium version of the plugin but I know there are others out there.
tim
The attacks seem to have stopped for the last 4 hours, WFSupport. So maybe like a tropical storm, the bots too have hopefully moved on. Fingers crossed.
It would be nice to figure out a way to make the unsuccessful attempts have a negative impact on the attackers so they eventually have to train their bots to avoid protected sites and move on. No one ever comes close to hacking my sites but they sure as hell seem to try real hard. Last night one site went from an avg of 2 invalid attempt emails per day to approx 2k!
We need to start thinking about a different approach because none of the security measures help protect against the actual flooding. So, if you were an attacker, what would make you ditch efforts and move on? What would be inconvenient or really slow you down? Instead of an immediate block response what about a black hole with a really long time out…slow them bots down? Bounce them off somewhere else, maybe a server specifically set up to cause them payload issues?
I have received over 600 emails in the last 12 hours, so having read this thread I have set Wordfence to send 1 email an hour but that does not stop the attempts.
Like pingram3541 I don’t think they will ever crack the login, especially if they only keep trying admiin, administrator & the website name!
But I would also like to see something like they suggest, a redirect somewhere, anything to frustrate them as much as this is frustrating me.
Talking of usernames, occasionally I have seen attempts to use {domain_2}, what is that all about?
Hi everybody,
I have the same issues – have got many e-mail alerts within a short time. My concern is not about the number of e-mail alerts. I can easily delete them.
BUT MY CONCERN IS TO KNOW WHAT MEASURES I NEED TO TAKE TO FURTHER ENHANCE THE PROTECTION THAT I CURRENTLY HAVE.
PLEASE SUGGEST!
This was an upsetting experience, but like vshukla, the attacks from Russia have subsided.
How do you go about getting less frequent emails in Wordfence? Where is this setting?
And no, the attackers were using admin, administor or the name of my website and did not have my user name thank God. WordPress does not allow you to change your user name, however I found you can do this via a plug-in, so that advice really was not that useful.
I too, wish to find out WHAT DO YOU DO? I selected LEVEL 4 LOCKDOWN in security level but can tell you this did absolutely NOTHING to lessen the amount of emails — I was getting 4 a minute at one point. Yes, you can delete the emails, but it’s about having a sense of security – Wordfence does INDEED need to add the feature to move the wp-login page to something else like Sucuri (or whatever) does. When you are under full frontal attack like that, there must be SOMETHING you can do rather than just ride out the storm!!!!
I agree with dodo12 – please tell us – although Wordfence is BLOCKING the users, there must be a setting that is for these brute force attacks — if there isn’t, we should probably look for a better plugin that does !!
You can change your User Name on WordPress AntiAging1. You’ll have to transfer all your content such as pages and posts to the new user name and delete the old one.
One thing that I did which took some time was to actually analyze the IPs that were being used and blocked a few ranges that had blacklisted IPs via the cPanel. I also used the features of Wordfence to immediately block certain user names and that reduced the number of hits.
Brute Force attacks take place sporadically and while this one took the Mickey out of me for the duration, I’m happy Wordfence kept me safe.
Thank you all for the suggestions.
AntiAging1: The setting you are looking for is “Maximum email alerts to send per hour”, under the “Alerts” header on the Wordfence Options page. I usually set it to 5 or 10 per hour, so I still know when attacks are going on, without getting overloaded with emails.
vshukla: Thank you for pitching in — blocking within the host’s control panel is a good option too, if the same IPs are hitting your site over and over.
There are additional features in the premium version that may help some of your concerns. Details are available at wordfence.com, and you can email presales [at] wordfence.com if you have questions on them.
If you use Wordfence’s Falcon cache, on the Performance Setup page (available in the free version), Wordfence can also use a more efficient method of blocking bad IPs, which can help your site keep up with big attacks like this, and can also decrease the number of emails you receive if you haven’t set a limit.
@vshukla could you tell me the range of the blacklisted IPs and certain user names? I want to block them via the cPanel.
@dodo12, the user names were guesses by the bot so that will not be of any use to you. There were over 900 attempts on my website and I’d need to prepare a list for you which is not possible because I deleted the messages. There is no guarantee that the IPs that attacked my website were the same as yours and I would be alert that if a bot-fiend is reading this forum dialogue they decide to come up with new ones and we all have another attack.
What I did do was note a sequence, for example similar IP series and then check for blacklisting and block the entire series if I saw repeated attacks from that IP range. Mind you, this is only during the attack and then I do a clean up once I feel the coast is clear.
You can do something similar with advanced blocking via the Wordfence settings inside your WordPress website.
Hope the attacks on your website have stopped.
@wfmattr, my pleasure. I sleep better at night knowing that Wordfence is holding fort for me.
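The triage vshukla describes above (spot locked-out IPs that fall in the same series, then block the series while the attack lasts), as an added example that is not code from the thread or from Wordfence. The log line format, function names and thresholds are assumptions; the sample lines are constructed and use documentation-only addresses.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in a made-up format (not Wordfence's alert text); RFC 5737 addresses.
SAMPLE_LOG = """\
2015-03-01 10:00:01 lockout ip=203.0.113.14 user=admin
2015-03-01 10:01:02 lockout ip=203.0.113.87 user=administrator
2015-03-01 10:02:03 lockout ip=203.0.113.201 user=admin
2015-03-01 10:03:04 lockout ip=198.51.100.7 user=admin
2015-03-01 10:04:05 lockout ip=192.0.2.50 user=admin
2015-03-01 10:05:06 lockout ip=192.0.2.50 user=administrator
2015-03-01 10:06:07 lockout ip=not-an-ip user=admin
"""

LINE_RE = re.compile(r"lockout ip=(\S+) user=(\S+)")

def parse_lockouts(text):
    """Yield (IPv4Address, username) for each well-formed lockout line."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        try:
            yield ipaddress.IPv4Address(m.group(1)), m.group(2)
        except ipaddress.AddressValueError:
            continue  # skip garbled addresses rather than guessing

def candidate_ranges(text, prefix=24, min_distinct_ips=3):
    """Return CIDR blocks holding at least min_distinct_ips locked-out addresses."""
    seen = defaultdict(set)
    for ip, _user in parse_lockouts(text):
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        seen[net].add(ip)
    hits = [net for net, ips in seen.items() if len(ips) >= min_distinct_ips]
    # collapse_addresses merges adjacent blocks and returns them sorted
    return [str(n) for n in ipaddress.collapse_addresses(hits)]

def single_ip_blocks(text, min_attempts=2):
    """Return repeat-offender addresses whose range did not qualify as a block."""
    counts = defaultdict(int)
    for ip, _user in parse_lockouts(text):
        counts[ip] += 1
    ranged = [ipaddress.ip_network(r) for r in candidate_ranges(text)]
    return sorted(str(ip) for ip, n in counts.items()
                  if n >= min_attempts and not any(ip in r for r in ranged))

if __name__ == "__main__":
    print(candidate_ranges(SAMPLE_LOG), single_ip_blocks(SAMPLE_LOG))
```

A range block also covers every other address in that range, so the distinct-IP threshold is what keeps a single noisy address from turning into a /24 block; the output is a review list for the host control panel or Wordfence's blocking settings.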
The topic ‘Help I'm Under Attack’ is closed to new replies.