[ad_1]
Hi @tomv2000,
Trust me, the Solid Security plugin does not do fake brute force attempts.
Could it be you are unaware of a method that discloses the sites’ users ? WordPress’ standpoint is that a sites’ users is public info. Which means a vanilla WordPress env does NOTHING to shield users info.
Can you share the site URL so I (and/or others) can have a look at it?
Oh, and what “Login Source” value do these invalid login entries have? Click on the “View Details” link to find out. Possible values are:
- XMLRPC Authentication
- REST API Authentication
- Login Page
+++ To prevent any confusion, I’m not SolidWP +++
I must apologize for that!
I did some quick research and found the way to read out the users.
Deactivating the API should help better.
Thanks for your help.
Greetings and have a nice evening.