-1

I'm getting attacks at wp-admin from numerous countries and IPs. When I get a notification from Wordfence that there has been an attack, I blacklist the originating country from the WP backend. Then I get more attacks from other countries. Should I keep blacklisting countries, or try another method?

(Already in place: good password, not an obvious login name, 3 failures, 3 failed forgotten passwords, 4-hour lockout.)

Thanks for any suggestions.

JL1953
  • 3
  • 1
  • 1
    Who should be able to log in to your site? Only you, others, from what countries? If it's just you or one country, you can just block all the rest. – reed Dec 01 '18 at 18:35
  • Reed: I followed your reminder to block every country besides the U.S. Since doing so, I'm not getting any warnings that foreign-based hackers are trying to get into my site. Thanks! – JL1953 Dec 03 '18 at 02:57

1 Answers1

0

I think what you did is enough. If someone from another country really wants to bruteforce your credentials, he can use a proxy / vpn but will still be blocked by your security mechanisms. Blacklisting other countries could be interesting only if a non human tries the bruteforce automatically.

T. Rode
  • 91
  • 5
  • It probably doesn't matter, but I'm wondering if it's one person who is somehow spoofing IP addresses traceable to many countries. There is a pattern to the usernames that the attacker(s) is/are trying. – JL1953 Dec 01 '18 at 19:32