1. Immediately lock out invalid usernames: Unchecked
Logging in as invalid user admin, I see an ERROR on the phone …
… and this Wordfence Live Traffic log entry:
Logging in as invalid user [login], I see an ERROR on the phone …
… and this Wordfence Live Traffic entry:
2. Immediately lock out invalid usernames: Checked
Logging in as an invalid user admin, I see a temporarily limited message on the phone …
… and these Wordfence entries:
Similarly for invalid user [login]…
3. Immediately block IP for invalid usernames
Logging in as an invalid user admin, I see the same temporarily limited message on the phone. I don’t see an entry logged in Live Traffic, but I do see the following block:
Is this expected behaviour, i.e. not logging a Live Traffic entry? Also, the block is a lot shorter in duration (five minutes) than a lockout (four hours). Shouldn’t it be longer?
Logging in as an invalid user [login] produces a similar result.
4. Immediately lock out invalid usernames: Unchecked, but continue to immediately block IP for invalid usernames
Same results as in test #3.
Summary
Test | Lock out | Block entry | Phone | Live Traffic log | Current Block |
---|---|---|---|---|---|
1 | N | N | Err Msg | Y | N |
2 | Y | N | limited | Y | Lockout |
3 | Y | Y | limited | N | Block |
4 | N | Y | limited | N | Block |
Observations:
- If there are invalid username entries (Block entry), checking or unchecking the lockout checkbox makes no difference to the observed result.
- If there are invalid username entries (Block entry), an entry is not logged in Live Traffic, but a Current Block is put in place, but only for five minutes.
- The results are only true if the Page Visited is /wp-admin/admin-ajax.php
Under the same settings as test #3, i.e. lockout checkbox checked with invalid username entries, but this time when the page visited is /xmlrpc.php, Wordfence reports for user [login]
…
and I suspect for user admin, though I can’t confirm a block just yet as this entry was earlier in the day …