Yes, there has been a recent rise in Brute Force Login Activity on the Internet.
If someone is logging in with your user account then they know that name of that user account. Note: The email address for each user account is associated with that user account and is stored in your WordPress Database. You will see the email addresses associated with each user account logged in Login Security.
WordPress itself, Plugins and Themes can all display your user account name publicly on your website – typically with the the_author_link() function or other WordPress functions that display the author url and display your user account name publicly.
Here are some Forum links for things that you can do about not exposing and protecting your author name/user account name.
http://forum.ait-pro.com/forums/topic/user-account-locked/
http://forum.ait-pro.com/forums/topic/revealing-the-admin-or-editor-user-name-and-not-knowing/
Blocking by IP address is not effective
Blocking by IP address is not effective and is time consuming and will go on til the end of time since hackers and spammers can switch to and use millions of IP addresses automatically – complete waste of time since you are trying to block an unknown factor – millions of possible IP addresses.
We spent months researching blocking by IP address and found that it is a complete waste of time.
http://forum.ait-pro.com/forums/topic/buddypress-spam-registration-buddypress-anti-spam-registration/
Allowing by IP is effective
When Allowing by IP Address you are allowing something that is known/finite that you can control vs trying to block IP addresses that are unknown (as soon as you block an IP address the automated hackerbot/spammerbot program switches to another IP address automatically) . There are also additional options such as the Simple Query String code method in the link below.
http://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/
# Protect wp-login.php from Brute Force Login Attacks based on IP Address <FilesMatch "^(wp-login\.php)"> Order Allow,Deny # Add your website domain name Allow from example.com # Add your website/Server IP Address Allow from 69.200.95.1 # Add your Public IP Address using 2 or 3 octets so that if/when # your IP address changes it will still be in your subnet range. If you # have a static IP address then use all 4 octets. # Examples: 2 octets: 65.100. 3 octets: 65.100.50. 4 octets: 65.100.50.1 Allow from 65.100.50. </FilesMatch>
-
This reply was modified 3 hours, 58 minutes ago by
![Avatar of AITpro Admin]()
AITpro Admin.
-
This reply was modified 3 hours, 56 minutes ago by
![Avatar of AITpro Admin]()
AITpro Admin.
-
This reply was modified 3 hours, 54 minutes ago by
![Avatar of AITpro Admin]()
AITpro Admin.
