What to do against Failed Login attempts

Hi, my settings allow 5 login attempts before a 5 min lockout.

The defender plugin shows almost 2000 failed login attempts, and 100ts of lockouts from several IP addresses. I ban each IP address manually, but login attempts keep coming from different IPs.

Does that automatically mean, that someone tries to bring damage to my site?

Or is there any other explanation why so many login attempts can occur?

  • Alex Stine
    • System Administrator

    Hello Julius
    Hope you're well!

    The lock outs you are seeing can be caused by two things. The first is going over the login limit, the second is getting a lot of 404 page errors. Say you deleted a post and a visitor tries to visit it through Google, they will get a 404 error because the content cannot be found. There's a useful tool to check for these, I recommend checking it out.

    I think at this point it would be worth setting a higher lockout time. I would start at one hour and keep increasing it if the attacks keep coming. At the end of the day when you are getting so many attacks, it means your server is constantly trying to keep up with all these false visitors. You do not want to risk crashing a server, it might be worth an investment in a WAF that will stop the bad visits before they hit your site. A couple good WAF providers include Sucuri and CloudFlare.

    Hope this helps.

    Alex :smiley:

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.