I continually receive these Wordfence Alert emails from the Wordfence plugin, except they are 100% wrong.
The two anomalies that Wordfence refuse to accept are:
- We have BLOCKED all access to the login page by IP Address via .htaccess file
- Using another plugin, we have changed the name of the login page.
I genuinely want Wordfence to acknowedge and resolve the issue. It is not imagined or a fault related to this web site. I have multiple web sites where we employ the same two security measures which has seen a dramatic reduction in server issues and login ussues, yet we continue to receive these alerts.
Am I to assume Wordfence use the tactic to encourage users of the free version to consider the paid version of their software?
I posted my concerns on the support forum at Wordfence, but after 3 weeks, hundreds of views, no response from Wordfence, yes I am sceptical of the alerts.
I am no expert on these matters but am I to assume that Wordfence is monitoring the wordpress admin by IP and not taking into account, the additional measured employed by the owner and responding with ‘standard alerts’.
For WordPress users wanting to know how we ramped up our security while dramatically increase server response times, see Fixing WordPress Speed Issue
Final word: one colleague suggested I disable the Wordfence Alerts which I have now done but it does not answer or resolve why the alerts are sent.
Here is a copy of the alert and further down the page, a copy of my post at Wordfence.
[Wordfence Alert] www.domain.com User locked out from signing in
This email was sent from your website “domain” by the Wordfence plugin at Thursday 5th of November 2015 at 11:27:21 PM
The Wordfence administrative URL for this site is: http://www.domain.com/wp-admin/admin.php?page=Wordfence
A user with IP address 188.8.131.52 has been locked out from the signing in or using the password recovery form for the following reason: Exceeded the maximum number of login failures which is: 20. The last username they tried to sign in with was: ‘xxxxxx’
User IP: 184.108.40.206
User hostname: lincloud.ebiron.com
User location: Turkey
Sceptical Wordfence Claims
I too liked Wordfence but I have to admit I have become very sceptical of Wordfence claims.
The best example I can offer is a web site where we have modified two very important security elements.
1. We have blocked access by IP address to the login page. No-one except my IP can even see the admin login page. Now I can hear everyone
saying that there are ways around this, which brings me to #2.
2. Using a clever plugin, I have changed the page name (file name) of the login page. Even if a user bypassed the IP security, they have no idea
where the login page is (/login-xyz-456).
So then, what has WordFence blocked when it sends me this email..
This email was sent from your website “XYZ” by the Wordfence plugin at Saturday 10th of October 2015 at 08:20:09 AM
The Wordfence administrative URL for this site is: http://www.xyz.com.au/wp-admin/admin.php?page=Wordfence
A user with IP address 220.127.116.11 has been locked out from the signing in or using the password recovery form for the following reason: Used
an invalid username ‘admin’ to try to sign in.
User IP: 18.104.22.168
User hostname: 181-160-215-189.baf.movistar.cl
User location: Concon, Chile
Not one blocked email either, hundreds. So what does it think its blocking?