Hey folks, small business digital media guy here. Got a scary notice this morning that my admin account had too many failed login attempts and to wait 7 hours to try again. I reached out to our other two web editors and they had the same message. I imagine we were bot-attacked overnight. The site is completely functioning with no issues, so I imagine the security worked; just locked everyone out.
Our site is hosted offsite through a third party. We can definitely afford to wait the full 7 hours, but my fear is that it will happen again following this period of waiting.
My main questions: Has anyone else dealt with this? Did the lockouts happen again after waiting? Is there something my web host can do to get me and my admins back in to do work today?
Thanks for your help. I’m just a guy who updates a website who would love some feedback on this unnerving discovery this morning.
The dev can rename the security plugin to allow access, and then engage a service like Securi to harden wordpress and the server to the max.
WordPress doesn’t do this, because it doesn’t have any means of checking how many times you attempted to log in.
So obviously it’s a plugin. You can disable the plugin to allow you back in, and then adjust the plugin to not be so sensitive about it. Or turn that feature of the plugin off entirely.
Hopefully your admin account username isn’t “admin”. If it is, rename it (via the database) so something else.