Also activate Under Attack mode DDOS login failed attacked on and Site not get opened!

Hi !

My site is and I installed login notifier WordPress plugin to notify admin and user about successful and failed login attempt with IP address.

I activate under attack mode since I built site but before some days I got tons of mails regarding DDoS attack login failed attempt notifier mails with different different IP’s. So, I wan’t to check my site’s admin dashboard but due to Under Attack mode activate I can’t see my site. It’s always shows just a moment 5 second waiting screen in loop. So, I change Under attack mode to high and than login every time.

Even my customers can not see the site. They waiting so much time and leave my site because they can’t see the main page and only saw a looping just moment 5 second screen only.

Why cloud flare can’t stop DDOS attack even after Under attack mode is activated ? Why I am getting so much login failed attempt mails from different different IP’s ?

Why my site not working and getting into auto loop of Just a moment 5 second screen when I on Under Attack mode ?

Please Help me !!!


DDoS isn’t the same as brute force attempts of your login. It’s not too difficult for bots to get through Under Attack Mode to attempt logins.

Instead of Under Attack mode, which applies to the entire site, how about trying a Firewall Rule to add a CAPTCHA to login. That should stop the bots.

Hi Sdayman !

I wondered on your solution. Thanks so much for guiding me.

I do exact as you say. Let’s watch my problem is still exists or it’s solve. Give some times. If it’s still exists I let you know. Thank You !!!

By the way what about my another problem ? Whenever I turn on Under Attack mode Why my site goes in loop of “Just a moment 5 seconds” screen ? Is there any solution you want me to suggest ?


Hi Sdayman !

As I told you previously I done exactly as you told. But I still didn’t solve the problem. I still got failed login attempt !!!

Also my second problem which I mentioned previously is still exists !


Short of password-protecting your login, the CAPTCHA is as much as you can do. On the site, you can use the Wordfence plugin to further protect your site.

In the end, if you have strong unique passwords, those attempts will always fail.

As for the 5-second wait loop, I would have to see it to find out why it is happening.

Hi !

First of all thanks for your reply…

I have yesterday installed an extra google v2 recaptcha wordpress plugin for my login and sign up page and waiting for it’s result.

One more think I observe that whenever any new genuine user account created the suddenly attacker get it’s information and the attacks also starts on that account. It means any how attackers got new create account username ! This is Just my and my so many friends observation who all are facing the same issue.

We all are also observe that after creating the brand new site with new domain without joining it to the cloud flare network sites have not in the radar of attackers. We can’t face any login failed attacking problems. But whenever our site joined to the cloud flare network the login failed attempt attacks starts dramatically. It’s wonder and we have tested so many time with the same configuration of the tons of sites we built. Also dramatically attacks are stopped when we on under attack mode.

But as I earlier reported after on the under attack mode we got loop of just a moment 5 seconds screen endlessly…

Hope you find out why it is happening !!!