Whitelisted IPs & Changed wp-admin link – still not working against multiple bruce force attacks

[ad_1]

So yeah.. I changed the wp-admin link to something else, and white listed only the IPs we need.

Somehow the botnet is still submitting login form requests.. it’s coming from multiple IP addresses and doesn’t stop. It’s clinged onto one username it’s confirmed is real… and is just trying over and over again.

I have whitelisting enabled and tested it from another IP address.. it’s confirmed I cannot access it. How can I further block any possibility of these foreign IPs from processing login requests?

Thanks.

[ad_2]
1 Comment

  1. The wp-login page is not the only way you can attempt to login. There’s also the xml-rpc API and the REST api that accept credentials.

    You really need some sort of firewall, like WordFence on the WordPress side or Cloudflare in front of your site.

 

This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer