Login whitelist

Viewing 2 replies - 1 through 2 (of 2 total)
  • Harry Hobbes

    (@harry-hobbes)

    6 days, 21 hours ago

    Note that as long as your login page is visible on the Internet, it is accessible from the Internet. That is, it is present and enabled, else you yourself would not be able to access it and log in. This means anyone else may view it and attempt to log in.

    All-In-One Security (AIOS) separates a login “attempt” from login “success.”

    1. The whitelist limits successful logins to the IP addresses in the white list. Any IP address not on the white list will fail to login.
    2. Also, any attempt not meeting the other login criteria will also fail. (“User Security > Login lockout”)
    3. The failed login attempts counts (and logs) any attempt that was not successful, based on the login criteria.
    4. The email messages are merely notifying you that those attempts were not successful.

    Consider: as long as your website presents a login page on the Internet, you cannot stop “attempts” to login; you can only prevent “successful” logins.

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    6 days, 21 hours ago

    Hi @anas000 @harry-hobbes,

    If you have login lockout events WP Security > Dashbaord > Audit logs have the “Failed login” logs,

    It will have stacktrace link which will open popup so you may know which script file being used to try failed login attempt.

    In past from audit logs xmlrpc.php was being called which also try authenticate the user.

    XML RPC call of wp_getUsersBlogs is trying to authenticate the user. – WP Security > Firewall > PHP rules tab > Completely block access to XMLRPC, Disable pingback functionality from XMLRPC. Please check both and Save.”

    Regards

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.

Tags