[Defender] Are these many IP lockouts normal?

Hi,

Last month Defender recorded (a whopping) 1833 IP lockouts from all over the world (China, Ukraine, Turkey, USA and so on). I also checked another site of mine, which had 0 failed login attempts or IP lockouts. So do I have to worry about this? I just activated 2-factor authentication just to be sure, but every other Defender option was already active and hopefully did its job. Is there anything else I should or can do to protect my site?

Regards,
Julius

  • Adam Czajczyk

    Hi Julius Huitema,

    I hope you're well today and thank you for your question!

    I think that we can say that Defender is doing its job well here :)

    That many lockouts may suggest that a lot of bots are trying to access the site, and I would actually assume that these are "spam bots" trying to create fake user accounts on the site to use them for "spamming reasons".

    That's, unfortunately, an increasingly common thing. If a site's reasonably well indexed in Google and/or quite popular, it's usually just a matter of time before bots find it and start "knocking on the door" :(

    What could be done apart from using Defender?

    For sure you should take care of keeping the site fully up to date. That's an essential step. It might also be good to "review" user accounts from time to time, and if you can see that there are some accounts that are actually "dead", just remove them (it's pretty common that somebody registers on the site or is given an account but never uses it anyway).

    You can try to force a password change every now and then: https://wordpress.org/plugins/expire-passwords/. Though I'd say that this is optional. It's just an additional security measure, but it won't stop bots from "knocking on".

    Make sure that the site's protected with an SSL certificate (so it's available only over an https:// connection).

    I would also go for a CDN such as CloudFlare (even their free plan would be fine), as this might significantly lower the "bot/hack(ish) traffic" and partially also prevent DDoS.

    I hope that helps :)

    Best regards,
    Adam
