I’ve been facing a recurring issue with my WordPress website lately and could really use some guidance. Despite taking measures such as hiding the login page on a different URL and implementing an extension I personally developed to track unsuccessful login attempts, I continue to experience numerous brute force attacks on a daily basis.
What’s particularly concerning is that it seems like there might be human involvement behind these attacks. I’ve come across entries like “F\*ckThis,” which strongly suggests manual input rather than automated bots. The requests are consistently grouped by time but originate from different IP addresses.
I’m curious if anyone else has encountered a similar situation and what strategies or techniques you’ve used to mitigate or prevent these attacks. Are there any additional steps I could take to enhance the security of my website? Or is this a widespread issue that others are also grappling with?
Any tips, tricks, or insights would be greatly appreciated. Thanks in advance for your help!
[ad_2]
Trick 1
Try using Wordfence, it has an option to block Bruteforce attempts, it also blocks any IP that attempts to do that.
Trick 2
Use Hide My WP Ghost, Change the main URLs (wp-admin for example to something else etc..)
Wordfence and Cloudflare WAF rules.