I keep getting these notifications in my email address. I have gotten hundreds of these in the last 48 hours. I have no idea what to do to fix this. I inquired of Cloudways (the host) as to a fix, and they said “Go to Cloudflare”, so I did that. Now I am here. What do I do to stop this?
Is my site in danger? I get these notifications about every 5 minutes.
iThemes Security Notification
Site Lockout Notification
Host/User
Lockout in Effect Until
Reason
Host: 95.173.179.118
2019-09-28 20:46:43
too many bad login attempts
Release lockouts from the Active Lockouts section of the settings page.
I have absolutely no idea why they would even think Cloudflare can help with this. These are login attempts from Turkey.
iThemes Security is a better source to help with this, as it’s their software that’s notifying you. There’s probably a setting for email alerts. I get similar alerts from Wordfence, but it’s pretty rare as Wordfence does a good job of blocking bad IP addresses from the login page.
So…do I just sit tight? Ignore it? I have a WooCommerce site and I didn’t want it to get hacked or destroyed, but I was unsure of what to do next.
There doesn’t seem to be anything wrong with the site itself, but the fact that I was flooded with HUNDREDS of emails in 2 days was upsetting. I didn’t know what to do and Cloudways tried to pawn this off onto Cloudflare, stating that Cloudways didn’t “do security at the applications level”, which I am taking to mean that if it’s within Wordpress…they don’t touch it.
Again, this is iThemes Security’s software that’s generating the email. You’ll have to look into that software’s settings.
What you can do at the Cloudflare end is block most access to the wp-login.php URL. Using Firewall Rules, you can block all access to wp-login.php from untrusted sources. Customize as needed.
I would rename your admin login page and use isecurity to do so. You can also set up firewall rules and create page rules for a browser integrity check. This will stop all bot attempts.
