How many login attempts to a WordPress website would be cause for concern?
Oooh... one of my favourite topics.
Sign up to Cloudflare and use a Firewall Rule to protect /wp-admin if not from a certain IP (your home IP).
Done.
But otherwise WordPress sites normally see massive login attempts in two ways:
- Attempting to brute force the website
- Attempting to brute force any ssh access
The first you can solve with a firewall rule.
The second, install fail2ban and configure that... if more than a few SSH attempts fail to auth in quick succession the IP of the client can be banned automatically for some period of time.
I usually get about 10-20 per day. I use Limit Login Attempts Reloaded plugin on the site in question.
All attempts are usually in batches from a single IP which then gets blocked after x tries so I presume it's low effort automation rather than specifically being targeted. Anything I can do to ensure security? Password is pretty solid, though it's stored in Chrome. My Chrome password is also pretty solid as these things go and I keep an eye on where it's being accessed.
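An added example, not part of either post: the "more than a few failures in quick succession" rule described for fail2ban, applied to WordPress login POSTs in a web access log, so that single-IP batches stand out from slow background noise. The combined log format, the `find_bursts` name, the thresholds and the sample lines are assumptions made for illustration, as is treating a 200 response to the POST as a failed login (WordPress normally redirects with 302 on success).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined-log-format line: client IP, timestamp, method, path, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def find_bursts(lines, maxretry=5, findtime=timedelta(minutes=10)):
    """Return {ip: time of the attempt that crossed the threshold}.

    An IP is flagged once it makes `maxretry` failed POSTs to
    /wp-login.php inside a sliding `findtime` window, the same idea
    as fail2ban's maxretry/findtime pair.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue              # not in the expected format
        ip, ts, method, path, status = m.groups()
        if method != "POST" or not path.startswith("/wp-login.php"):
            continue
        if status != "200":       # assumption: 302 means the login succeeded
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        window = recent[ip]
        window.append(when)
        while when - window[0] > findtime:
            window.popleft()      # drop attempts older than the window
        if len(window) >= maxretry and ip not in flagged:
            flagged[ip] = when
    return flagged

# Constructed sample log (documentation IP ranges, invented timestamps).
def _line(ip, hhmmss, method="POST", path="/wp-login.php"):
    return (f'{ip} - - [12/Mar/2024:{hhmmss} +0000] '
            f'"{method} {path} HTTP/1.1" 200 4512')

SAMPLE_LOG = (
    [_line("203.0.113.7", f"03:14:{s:02d}") for s in range(0, 12, 2)]  # 6 in 10 s
    + [_line("198.51.100.23", f"{h:02d}:00:00") for h in (8, 12, 17)]  # 3 in a day
    + [_line("192.0.2.50", "09:30:00", method="GET")]                  # page view
)

if __name__ == "__main__":
    for ip, when in find_bursts(SAMPLE_LOG).items():
        print(f"{ip} crossed the threshold at {when.isoformat()}")
```

With the default thresholds only the rapid single-IP batch is reported; widening `findtime` and lowering `maxretry` also surfaces the slow, spread-out attempts.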