Home Forums WordPress Plugins Hide My WP Unauthorized login attempts keep comming

This topic is: not resolved
Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • #12414
    tntfactory
    Post count: 3

    Hello,

    I have bought, installed and authorized your plugin on my website, but I still get information about unauthorized login attempts. Can you please tell me how can that be possible?

    Regards,
    Zel

    #12416
    Suman M.
    Post count: 12478

    Hi, where exactly are you getting information about unauthorized login attempts? And what message so you see there?

    #12417
    tntfactory
    Post count: 3

    I get the messages from Sucuri Security – Auditing, Malware Scanner and Security Hardening plugin.

    Subject: Failed Login

    Login Info:
    Time: October 20, 2016 12:57 pm

    Website Info:
    Site: http://xxxxxxxxxxxx.com
    IP Address: 222.231.70.144

    Notification:
    User authentication failed: tntfactory

    Explanation: Someone failed to login to your site. If you are getting too many of these messages, it is likely your site is under a password guessing brute-force attack [1]. You can disable the failed login alerts from here [2]. Alternatively, you can consider to install a firewall between your website and your visitors to filter out these and other attacks, take a look at Sucuri CloudProxy [3].

    #12423
    Suman M.
    Post count: 12478

    In HMWP settings, have you enabled these two options?
    – Hide Login Page
    – Hide Admin

    If you have secured wp-login.php with secret keyword, make sure you do not share with anyone.

    When you get failed login attempt from Sucuri, does it also tell using which URL someone tried to login?

    #12426
    tntfactory
    Post count: 3

    Yes, I have setup the plugin, and hided the login and admin. I set the secret keyword, and the email with information from your plugin came to me. So, basically all checks. But yet, I get these notifications, which is kind of frustrating, don’t you think?

    Unfortunately, Sucuri does not say from which page the login attempt came.

    #12440
    Suman M.
    Post count: 12478

    Yes, we understand your concern, but we cannot say it specifically until we know when exactly the error is generated, i.e. whether Sucuri sends the above alert when someone actually tries to login or when tries to visit wp-admin or wp-login.php page.

    #12442
    tntfactory
    Post count: 3

    The thing is, I had at least 30 login attempts since I installed the plugin last night. And, that by itself, is alarm that there is something wrong. This is brand new WP installation, so I am running out of ideas what could cause them to go by your plugin and try to login.

    #12449
    Suman M.
    Post count: 12478

    Our question is that, may be Sucuri sends the above alert message when someone tries to access /wp-admin or /wp-login.php and in such case you need not worry as these addresses are no more available.
    As Sucuri doesn’t provide with referrer URL we can’t exactly know when the alert is generated.

    • This reply was modified 7 years, 5 months ago by Suman M..
Viewing 8 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic.