Posted on Leave a comment

More comprehensive tests

1. Immediately lock out invalid usernames: Unchecked

Logging in as invalid user admin, I see an ERROR on the phone …

… and this Wordfence Live Traffic log entry:

Logging in as invalid user [login], I see an ERROR on the phone…

… and this Wordfence Live Traffic entry:

2. Immediately lock out invalid usernames: Checked

Logging in as an invalid user admin, I see a temporary limited on the phone …

… and these Wordfence entries:

Similarly for invalid user [login]…

3. Immediately block IP for invalid usernames

Logging in as an invalid user admin, I see the same temporarily limited message on the phone. I don’t see an entry logged in Live Traffic, but I do see the following block:

Is this expected behaviour, i.e. not logging a Live Traffic entry? Also, the block is a lot shorter in duration (five minutes) than a lockout (four hours). Shouldn’t it be longer?

Logging in as an invalid user [login], produces a similar result.

4. Immediately lock out invalid usernames: Unchecked, but continue to immediately block IP for invalid usernames

Same results as in test #3.

Summary

TestLock outBlock entryPhoneLive Traffic logCurrent Block
1NNErr MsgYN
2YNlimitedYLockout
3YYlimitedNBlock
4NYlimitedNBlock

Observations:

  1. If there are invalid username entries (Block entry), checking or unchecking the lockout checkbox makes no difference to the observed result.
  2. If there are invalid username entries (Block entry), an entry is not logged in Live Traffic, but a Current Block is put in place, but only for five minutes.
  3. The results are only true if the Page Visited is /wp-admin/admin-ajax.php

Under the same settings as test #3 i.e. lockout checkbox checked with invalid username entries, but this time when the page visited is /xmlrpc.php,

Wordfence reports for user [login]

and I suspect for user admin, though I can’t confirm a block just yet as this entry was earlier in the day …