WordPress Brute Force Login Security

I implemented the following suggestions 24 hours ago, and they do not seem to be working.

Browser integrity check: on
Security level: I’m under attack

domain.com/wp-login.php*

I am still showing within the logs multiple attempts, one after the other within seconds from the same IP address. Shouldn’t this stop this?

What is the IP address attacking you, and do you have mod_Cloudflare installed (or have you restored visitor IPs)?

I do not have mod_Cloudflare installed; what does this do?

The IPs are:
162.158.126.0 and 108.162.219.0

Both were identical in timing and used the same username. There were 258 requests, all within a 10-minute window. The username they were using does not exist – in fact, we don’t use usernames; the system is designed for emails only.

My only concern is, why did this happen when the security I have set up is supposed to stop that?


To add to this: the server is using LiteSpeed. I don’t think mod_Cloudflare will work.

These IP addresses are owned by Cloudflare; you have to log the “CF-Connecting-IP” header to get the actual IP address of the attacker.

Also, I’m not into WordPress, but I’m sure there will be some anti-brute-force plugin or something you can install.

Are you sure? IPs can’t end with .0. I recommend going to your login page and ensuring you get the browser check window.

Here are screenshots.


I get the message; it checks my browser with the animated buttons and after 5 secs I am forwarded to the login page.

What security system or plugin is that? IPs never end in .0, so an attacker could potentially be sending a fake X-Forwarded-For header or something of the sort to throw off your software.

That is Simple History, which tracks and records everything. The only thing is, even if it is a fake IP, how did they get by Cloudflare’s “I am under attack”? I will leave this for now as I haven’t seen them back since. Before, I got tons of these. Just strange that one came in like that after running this for 24 hours.

IPs ending with 0 are completely normal nowadays, and both IP addresses are owned by Cloudflare.

This plugin does brute force prevention, hidden login page, and lots of other security features on a WP site.
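
The advice above to log the CF-Connecting-IP header, and the concern raised about forged forwarding headers, can be combined in one log check: restore the visitor IP only when the connecting peer is a Cloudflare address, then count login POSTs per restored IP. This is an added example, not code from any poster or from Cloudflare; the log format, function names and sample lines are assumptions, and the range list is a partial snapshot.

```python
import ipaddress
import re
from collections import Counter

# Partial snapshot of Cloudflare's published IPv4 ranges (assumption: refresh
# it from https://www.cloudflare.com/ips/ before relying on it).
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "162.158.0.0/15", "108.162.192.0/18", "173.245.48.0/20",
    "141.101.64.0/18", "104.16.0.0/13", "172.64.0.0/13",
)]

# Assumed log format: peer address, timestamp, request line, status, and the
# CF-Connecting-IP request header logged as the final quoted field.
LINE_RE = re.compile(
    r'^(?P<peer>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) "(?P<cfip>[^"]*)"$')

def real_client_ip(peer, cf_connecting_ip):
    """Return the visitor IP, trusting the header only from Cloudflare peers."""
    try:
        peer_addr = ipaddress.ip_address(peer)
    except ValueError:
        return peer
    if not any(peer_addr in net for net in CLOUDFLARE_NETS):
        return peer  # request did not come through Cloudflare: ignore header
    try:
        return str(ipaddress.ip_address(cf_connecting_ip))
    except ValueError:
        return peer  # header missing or malformed

def login_attempts(lines, threshold=3):
    """Count POSTs to wp-login.php per restored IP; return those >= threshold."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["method"] == "POST" and m["path"].startswith("/wp-login.php"):
            counts[real_client_ip(m["peer"], m["cfip"])] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

# Constructed sample lines (not taken from the thread's logs).
SAMPLE = [
    '162.158.126.0 [01/Jan/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 "203.0.113.7"',
    '108.162.219.0 [01/Jan/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 "203.0.113.7"',
    '162.158.126.0 [01/Jan/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 "203.0.113.7"',
    '162.158.126.0 [01/Jan/2024:10:00:04 +0000] "GET /wp-login.php HTTP/1.1" 200 "198.51.100.20"',
    '192.0.2.55 [01/Jan/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 "162.158.126.0"',
    '162.158.126.0 [01/Jan/2024:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 "198.51.100.20"',
]
```

Running `login_attempts(SAMPLE)` groups the two Cloudflare edge addresses under the single visitor behind them, while the line from a non-Cloudflare peer is attributed to that peer regardless of what its header claims.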
