You received an alert about failed login attempts for your website


Problem Description

  • You receive an email or alert within your website admin indicating there were failed login attempts
  • You have a WordPress website and you receive an email saying something like "16 failed login attempts (4 lockout(s)) from IP 1.2.3.4"
  • You have a WordPress website and you receive an email from WordFence or other security plugin indicating failed login attempts

Problem Resolution

Please test your password(s) using LastPass Password Strength checker to ensure that they are strong. As long as you are using strong passwords, you shouldn't need to do a thing when you receive an alert like those listed above.

This is because our firewall solutions regularly monitor for failed logins and block the responsible IPs. On our shared servers using the Imunify360 firewall, it can take up to 48 hours for the distributed firewall system to detect brute-force attacks and block the IP address. As long as your passwords are sufficiently strong, you don't have to do a thing to ensure optimal security of your website. With strong passwords, it takes millions or trillions of login attempts to brute-force (hack) the password to access your website.

If you are suddenly seeing this when you haven't previously, it's likely because of a new botnet. Botnets are large networks of hacked computers all around the world, and new ones spring up all the time, though larger ones that specifically attack web apps like WordPress tend to be rarer. It takes our firewalls roughly 48-72 hours to adapt to the new botnet IPs, which is why you're only seeing this now.

(Details comparing WordFence to Imunify360 here)

Extra Cautious Solutions:

If you wish to be extra cautious, then you can follow these steps:

  1. Change the corresponding password. For example, you can learn how to change your WordPress password here.
  2. If you're seeing thousands of failed login attempts from the same IP, you can always open a ticket to ask us if it's been blocked, but make sure it's reached thousands before doing so.
  3. If you are operating your own unmanaged VPS, there are a few options to help with this. If using Plesk, enable IP address banning, particularly with the WordPress jails enabled. If you're not using Plesk, learn how to enable fail2ban from the command line, though you will need to find your own WordPress-specific configuration, as WordPress brute-force protection isn't built in.
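
For step 3 without Plesk, a WordPress-specific fail2ban filter and jail could look like the following. This is an added example, not a configuration supplied by this article or by fail2ban itself; the file name wordpress-login.conf, the jail name, the log path and the thresholds are assumptions to adapt to your server.

```ini
# --- /etc/fail2ban/filter.d/wordpress-login.conf (hypothetical file name) ---
[Definition]
# Match a POST to wp-login.php that was answered with HTTP 200.
# Assumption: a failed WordPress login re-renders the form (200), while a
# successful login redirects (302), so 200 responses count as failures.
# Constructed sample line this is meant to match (combined log format):
#   1.2.3.4 - - [10/Jan/2024:12:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
failregex = ^<HOST> .* "POST /wp-login\.php[^"]*" 200\s
ignoreregex =

# --- /etc/fail2ban/jail.local (add this section) ---
[wordpress-login]
enabled  = true
filter   = wordpress-login
port     = http,https
# Assumption: Apache access log on Debian/Ubuntu; point this at your own log.
logpath  = /var/log/apache2/access.log
# Ban an IP after 5 failures within 10 minutes, for 1 hour (values in seconds).
maxretry = 5
findtime = 600
bantime  = 3600
```

Before enabling the jail, check the filter against your real log with fail2ban-regex /var/log/apache2/access.log /etc/fail2ban/filter.d/wordpress-login.conf, then load it with fail2ban-client reload. If a security plugin changes the status code returned on failed logins, adjust the 200 in failregex to match.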
