[ad_1]
This also must be dodgy file they are trying to login to ?
/ALFA_DATA/alfacgiapi/
Hello @kristinubute and thanks for reaching out to us!
XMLRPC.php is a file in the WordPress core that allows remote communication with a WordPress site.
The brute force login attack prevention rules protect against login attacks to the XML-RPC interface in the same way as they protect the login page:
https://www.wordfence.com/help/firewall/brute-force/
Suppose you don’t use the XML-RPC interface to log in to your site, using the WordPress application on a smartphone or tablet for example. In that case, you can disable access using the option Disable XML-RPC authentication on the Login Security >> Settings page.
Thanks!