Hi @dianedeboer
You should enable login lockout for invalid attempts. stop user enumeration and xml rpc ping back
WP security > User login > Login lock out tab there enable login lockout also check “Instantly lockout invalid usernames:”.
WP Security > Miscellaneous > User enumeration tab check there stop user enumeration and save
WP Security > Firewall > Basic firewall rules tab > Completely block access to XMLRPC , Disable pingback functionality from XMLRPC Please check both and Save – XML RPC call of wp_getUsersBlogs is trying to authenticate the user which may be issue as bot.
Also you can enable captcha on login page using WP security > Brute force > Captcha settings.
Also if you can change the link to the login page for end user you should use renamed login page.
WP security > Brute force > Rename login page. Enable the renamed login
Regards
Thank your for this. I have checked everything accept Renaming login page. I will have to read about this before doing.
With regards
Diane
I wil close this ticket now.
@dianedeboer
Ok, Would you mind writing a quick five-star review?
https://ww.wp.xz.cn/support/plugin/all-in-one-wp-security-and-firewall/reviews/#new-post
Reviews also help others to make confident decisions about our plugin.
