Defender – brute force attack?

Hi there,

Apparently a failed brute force attack was attempted against my site.

I had Defender installed but it didn’t seem to have done anything.

Checking the logs on the server, I

can see that PHP was the culprit yesterday;

Mar 26 12:39:18 46 kernel: [163719.215635] php-cgi invoked oom-killer: gfp_mask=0x200da, order=0, oom_adj=0,


Mar 26 12:39:19 46 kernel: [163719.215641] php-cgi cpuset=/ mems_allowed=0

Mar 26 12:39:19 46 kernel: [163719.215648] Pid: 11949, comm: php-cgi Not tainted 2.6.32-642.15.1.el6.x86_64 #1

At this time, the domain was undergoing a brute force attack;

Top 20 requests

68 “POST /wp-login.php 200

37 “POST //xmlrpc.php 500

12 “POST //xmlrpc.php 200

Most of these were from an IP that isn’t hitting the server anymore ( To mitigate against this kind of

attack, which will likely recur as wordpress is quite popular, wordpress themselves have a great guide on what to do;

Something like wordpress all in one ( , or

wordfence should have tools to help obfuscate these particular pages.

Can Defender help against a brute force attack? Are there specific setting that I need to have on next time?

Thanks in advance.