WP DEFENDER Login Lockouts - Brute force attack

Hello,
we have been receiving more than 120 notifications of loggin lockouts from Defender, coming from multiple IPs trying to connect with a username close to the one of our admin account.

We activated the automatic banning of IPs for the moment, and wanted to know what would be your recommended action to avoid this brute force attack, currently happening on our site (7.10PM - GMT+1)

  • Rupok
    • Support Ninja

    Hi Oldcontinent,

    Thanks for asking. As that attack is coming to your login page, I'll suggest you to change your default login URL. To know how you can do this, you can check this blog post: https://premium.wpmudev.org/blog/hide-wordpress-login-page/

    As attacker don't know your new login URL, the brute force attack will stop I guess.

    Moreover, I'll suggest you to complete all hardening steps in Defender. That will make your site more secure.

    Please let us know if you have any further query. We will be glad to help.

    Have a nice day. Cheers!
    Rupok

  • Ken Hobbs
    • New Recruit

    Hi, hope this is the right place for a follow-up question.

    I will be changing the login URL on my sites but need to coordinate with all my clients so it will take a little time. In the meantime, should I be concerned with performance if I have a couple thousand IPs that are locked out? I see that the blocks are logged in a MySQL table so each request must do a lookup. Have you seen and performance degredation with large numbers of blocks?

    Thanks!

  • Kasia Swiderska
    • Support nomad

    Hello Ken,

    That really depends on the server resources - it might be a problem on poor, shared hostings accounts, but at the moment I don't see reports about issues with IP lockouts.
    I am using Defender on one of my sites on decent hosting and from time to time it is flooded with brute force login attempts, but I haven't noticed any issues with that.

    kind regards,
    Kasia

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.