Page 1 of 2 12 LastLast
Results 1 to 20 of 29
  1. #1
    xecutable's Avatar
    xecutable is offline Private Member
    Join Date
    March 2011
    Location
    Zurich, Switzerland
    Posts
    1,939
    Thanks
    571
    Thanked 1,190 Times in 689 Posts

    Default Crazy amount of locked out sign ins on Wordpress

    Has anyone with wordpress and wordfence noticed this? Over the past few months, the amount of bots trying to login with username "admin" "administrator" and anything generic has escalated from like 1-2-3 a day to 1-10 each MINUTE.

    My inbox gets over 500 emails a day from locked out bots mostly from Russia or countries around there, occasional US and China bots too.

  2. The Following User Says Thank You to xecutable For This Useful Post:

    -Shay- (27 November 2015)

  3. #2
    Triple7 is offline Private Member
    Join Date
    January 2015
    Posts
    2,889
    Thanks
    2,067
    Thanked 2,471 Times in 1,341 Posts

    Default

    Yep, but mainly from France and the US. I'm having quite a strict lock out policy so the numbers are smaller, but the idea is the same.

  4. #3
    wonderpunter's Avatar
    wonderpunter is offline Private Member
    Join Date
    August 2013
    Posts
    3,108
    Blog Entries
    5
    Thanks
    416
    Thanked 1,883 Times in 1,158 Posts

    Default

    Yup always..

  5. #4
    -Shay- is offline Public Member
    Join Date
    November 2012
    Posts
    3,062
    Thanks
    12,211
    Thanked 3,134 Times in 1,686 Posts

    Default

    Quote Originally Posted by xecutable View Post
    Has anyone with wordpress and wordfence noticed this? Over the past few months, the amount of bots trying to login with username "admin" "administrator" and anything generic has escalated from like 1-2-3 a day to 1-10 each MINUTE.

    My inbox gets over 500 emails a day from locked out bots mostly from Russia or countries around there, occasional US and China bots too.
    Yes, just had some asshats try for over 28 hours straight

  6. #5
    RacingJim is offline Public Member
    Join Date
    May 2013
    Posts
    1,872
    Thanks
    882
    Thanked 1,362 Times in 841 Posts

    Default

    Can they try to overrun and slow down your server with these sorts of things, or is it a legit attempt to hack the site? I've had some stuff like this, I guess one way of easily keeping your sites a bit more secure is to not have the 'admin' username as standard. I always choose another username which seems to immediately fend off some crude hacking attempts. With mine it seemed more like an attempt to bring the server down with tons of login attempts.

  7. #6
    GambleThenWin's Avatar
    GambleThenWin is offline Private Member
    Join Date
    November 2015
    Location
    Macedonia
    Posts
    35
    Thanks
    14
    Thanked 10 Times in 7 Posts

    Default

    Any every wordpress site that I manage (two currently ))). This happens mainly with IP addresses from the US

  8. #7
    -Shay- is offline Public Member
    Join Date
    November 2012
    Posts
    3,062
    Thanks
    12,211
    Thanked 3,134 Times in 1,686 Posts

    Default

    Quote Originally Posted by RacingJim View Post
    Can they try to overrun and slow down your server with these sorts of things, or is it a legit attempt to hack the site? I've had some stuff like this, I guess one way of easily keeping your sites a bit more secure is to not have the 'admin' username as standard. I always choose another username which seems to immediately fend off some crude hacking attempts. With mine it seemed more like an attempt to bring the server down with tons of login attempts.
    I think it is a combination of both ("let's slow them down and if we can gain access, we've hit the bonus round").

    We've been on the receiving end of what I firmly believe to be a very "targeted" attack on us for almost the last two months running and while the origin "appears" to be US, Russia, and Africa - I do not believe that is the true origin of the attacks.

  9. #8
    wonderpunter's Avatar
    wonderpunter is offline Private Member
    Join Date
    August 2013
    Posts
    3,108
    Blog Entries
    5
    Thanks
    416
    Thanked 1,883 Times in 1,158 Posts

    Default

    Quote Originally Posted by RacingJim View Post
    Can they try to overrun and slow down your server with these sorts of things, or is it a legit attempt to hack the site? I've had some stuff like this, I guess one way of easily keeping your sites a bit more secure is to not have the 'admin' username as standard. I always choose another username which seems to immediately fend off some crude hacking attempts. With mine it seemed more like an attempt to bring the server down with tons of login attempts.
    They would need quite a few attempts to slow your server, i get a lot from Denmark, Sweden and the USA I use Cloudflare which is pretty good at eliminating a large amount of suspicious traffic and then wordfence does another good job of catching what cloudflare lets through, couple that with a strong password you don't need to sweat

  10. #9
    MMM
    MMM is offline Private Member
    Join Date
    October 2014
    Posts
    1,637
    Thanks
    424
    Thanked 680 Times in 472 Posts

    Default

    Always had a few per day but the past 3 days it's every 1-2 minutes.
    Best casinos to play slot machines online for real money. Reviews of best Real Money Casinos online.
    Check OnlineBlackjackExplorer for ratings of the best casinos to play blackjack online. Which games offer the lowest house edge, as well as free blackjack games, live dealer and mobile blackjack sites.

  11. #10
    sweetbet's Avatar
    sweetbet is offline Public Member
    Join Date
    November 2012
    Posts
    2,823
    Blog Entries
    5
    Thanks
    898
    Thanked 1,573 Times in 1,086 Posts

    Default

    I get tons of attempts from Ukraine, Russia and China. Adding a captcha WP plugin (ie. SI CAPTCHA Anti-Spam) is a great way of making sure that those automated login attempts never succeed.

  12. The Following 2 Users Say Thank You to sweetbet For This Useful Post:

    -Shay- (27 November 2015), GambleThenWin (27 November 2015)

  13. #11
    GambleThenWin's Avatar
    GambleThenWin is offline Private Member
    Join Date
    November 2015
    Location
    Macedonia
    Posts
    35
    Thanks
    14
    Thanked 10 Times in 7 Posts

    Default

    sweetbet, can you recommend a captcha plugin?
    My humble Affiliate site
    http://gamblethenwin.com/

  14. #12
    universal4's Avatar
    universal4 is offline Forum Administrator
    Join Date
    July 2003
    Location
    Courage is being scared to death...and saddling up anyway. John Wayne
    Posts
    32,172
    Thanks
    3,762
    Thanked 8,743 Times in 5,577 Posts

    Default

    Use all-in-one-wpsecurity and MOVE the login page and the majority of the problem GOES AWAY!

    Pick a word that ONLY YOU know.

    As a standard some search bots (used by bad actors) look for the default page wp-login and if found the domain is put on a list for brute force attacks later.

    I have seen sites where I forgot to move the url and have seen thousands and thousands of attempts per hour.

    Rick
    Universal4

  15. The Following 2 Users Say Thank You to universal4 For This Useful Post:

    GambleThenWin (28 November 2015), xecutable (28 November 2015)

  16. #13
    sweetbet's Avatar
    sweetbet is offline Public Member
    Join Date
    November 2012
    Posts
    2,823
    Blog Entries
    5
    Thanks
    898
    Thanked 1,573 Times in 1,086 Posts

    Default

    Quote Originally Posted by GambleThenWin View Post
    sweetbet, can you recommend a captcha plugin?
    I can recommend https://wordpress.org/plugins/si-captcha-for-wordpress/

  17. The Following User Says Thank You to sweetbet For This Useful Post:

    GambleThenWin (28 November 2015)

  18. #14
    xecutable's Avatar
    xecutable is offline Private Member
    Join Date
    March 2011
    Location
    Zurich, Switzerland
    Posts
    1,939
    Thanks
    571
    Thanked 1,190 Times in 689 Posts

    Default

    Rick if you move the URL, will this break any login? Or mind sharing a proper guide of doing it?

  19. #15
    casasdeapostas.info's Avatar
    casasdeapostas.info is offline Private Member
    Join Date
    June 2011
    Posts
    179
    Thanks
    0
    Thanked 3 Times in 3 Posts

    Default

    You can manage this is several ways:

    - a simple but (almost) always effective plugin, IQ block country, will block about 80-90% of the traffic from specific countries (I have blocked everything near Russia here)

    - WP Cerber plugin, it limits login attempts and block IPs. There's an option to change admin page and block the access to wp-admin.php file. There's also a very useful option to block every IP that tries to login with an invalid username. So, you just need to create a new admin account without the words "admin" "administrator", etc.. then delete the old ones, and when someone tries to login as admin, booom - blocked (it can be forever, if you want). https://wordpress.org/plugins/wp-cerber/

    - I have some specific IP ranges banned on server level and on Wordpress too. (mostly IPs from Israel). I've had a few attacks from Israel in the past... that's where lots of affiliates companies are located.. (coincidence? no, I know who they are.. but let's move on).

  20. The Following 2 Users Say Thank You to casasdeapostas.info For This Useful Post:

    -Shay- (28 November 2015), alin04 (28 November 2015)

  21. #16
    vardan's Avatar
    vardan is offline Private Member
    Join Date
    March 2014
    Location
    Barcelona, Spain
    Posts
    431
    Thanks
    391
    Thanked 231 Times in 156 Posts

    Default

    The same here. I've moved the usual wordpress login page(wp-login.php) and I see only a huge amount of 404 errors for that page. The plugin mentioned by Rick, all in one wp security, is a great tool, just try it and you will see the benefit. For the hackers it will be extremely hard to find the custom login page. Also Limit login attempts and Stealth login page plugins can help you to secure your site.

  22. #17
    alin04 is offline Public Member
    Join Date
    January 2013
    Location
    Paris
    Posts
    518
    Thanks
    420
    Thanked 209 Times in 127 Posts

    Default

    Universal4, how to MOVE the login page?

  23. #18
    universal4's Avatar
    universal4 is offline Forum Administrator
    Join Date
    July 2003
    Location
    Courage is being scared to death...and saddling up anyway. John Wayne
    Posts
    32,172
    Thanks
    3,762
    Thanked 8,743 Times in 5,577 Posts

    Default

    To move the login.

    #1) Backup everything

    #2) Install the all-in-one-wpsecurity plugin

    #3) Go to the Brute Force and look for (Rename Login Page Settings) section and pick a word to use and enable it and "Save Settings"

    #4) Log out and then log back in at the new url http://www.domain.com/wordchosen

    Then check out some of the other features if they would be handy for you or would help fit into your overall security strategy.

    Rick
    Universal4

  24. The Following 3 Users Say Thank You to universal4 For This Useful Post:

    alin04 (28 November 2015), suffolkpoker (28 November 2015), xecutable (28 November 2015)

  25. #19
    alin04 is offline Public Member
    Join Date
    January 2013
    Location
    Paris
    Posts
    518
    Thanks
    420
    Thanked 209 Times in 127 Posts

    Default

    Thanks Rick.
    And all the webmasters said that wp is the best platform for a site. I don t see this kind of atacks on blogger.

  26. #20
    xecutable's Avatar
    xecutable is offline Private Member
    Join Date
    March 2011
    Location
    Zurich, Switzerland
    Posts
    1,939
    Thanks
    571
    Thanked 1,190 Times in 689 Posts

    Default

    Because blogger isnt as popular and therefore pointless to target. The thing that makes wordpress so damn appealing is the millions of plugins and themes out there, making impossible is nothing (yah sue me Adidas for using it). Thanks Rick, will look into it.

  27. The Following 2 Users Say Thank You to xecutable For This Useful Post:

    -Shay- (28 November 2015), alin04 (29 November 2015)

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •