Hi @neschner
Enabling the Security Digest email is an option. The disadvantage is that other emails also won’t get sent.
It’s probably better to check in the Logs page what type of brute force attacks (usually login page or xmlrpc) is generating the “admin” invalid login attempts.
Then configure/enable plugin features that prevent that type of brute force attacks.
+++++ To prevent any confusion, I’m not iThemes +++++
-
This reply was modified 2 years, 10 months ago by
nlpro.
How should a admin login be prevented? I already have checked that “admin” logins are automaticly host banned. Thats the reason the email gets generated.
This is my log of the “admin” login. What could be done to prevent this to not get 20 mails everyday?
id => 85423
module => brute_force
type => notice
code => auto-ban-admin-username
timestamp => 2021-08-16 05:27:39
init_timestamp => 2021-08-16 05:27:38
remote_ip => 162.55.53.198
user_id => [empty string]
url =>
memory_current => 78468880
memory_peak => 79869296
data => Array
details => Array
source => wp-login.php
authentication_types => Array
0 => username_and_password
user => Object WP_Error
errors => Array
invalid_username => Array
0 => Unbekannter Benutzername. Überprüfe ihn noch einmal oder versuche es mit deiner E-Mail-Adresse.
error_data => Array()
username => admin
SERVER => Array
REQUEST_METHOD => POST
SERVER_PROTOCOL => HTTP/1.1
SCRIPT_FILENAME => /home/www/wordpress/wp-login.php
REQUEST_SCHEME => https
HTTP_CONNECTION => close
HTTP_ACCEPT_ENCODING => gzip
CONTENT_TYPE => application/x-www-form-urlencoded
CONTENT_LENGTH => 98
HTTP_USER_AGENT => Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
HTTP_HOST =>
HTTP_AUTHORIZATION => [empty string]
HTTPS => on
REQUEST_TIME_FLOAT => [double] 1629091658.1929
REQUEST_TIME => [integer] 1629091658
Below the part that tells you that the (admin) brute force attempt seems to be done through the login page:
source => wp-login.php
So enabling the iTSec plugin Hide Backend feature (if not already) could help prevent the login attempts. It depends a bit on whether you have a WordPress Dashboard login link on your home page or not. If so there is no point in enabling the Hide Backend feature;-)