Use this sectin : Cookie based brute force prevention
Its better way to rais your security login
Hi @prionkor
Rename login works for wp-login.php rename, you may use extra of that cookie based brute force WP Security > Brute Force > Cookie based brute force prevention. If you have static IP ( IP do not change). you can enable the Login whitelist ( Which will enable the specified IP address only login form for wp-login.php enabled- But make sure you have static IP if you enabled it and your IP got changed which mentioned as whitelisted you may lockout yourself.)
Hope there is no login functionality on front end, If yes enable the recaptcha for it.
Regards
Puzzling thing is that we have both captcha and honeypot enabled. Anyways, I have enabled cookie protection. See how this goes for next few days.
There aren’t any other instance of login form.
Hi, I just thought of sharing the following documentation. I hope this can also help you.
https://mbrsolution.com/wordpress/aiowps-plugin-pingback-protection-settings.php
Kind regards.
Thank you! My thought was login attempt was from a different endpoint then the login page. Blocking xmlrpc sounds like the correct solution. i will close this thread now. Will reopen if issue doesn’t solve.
Thanks again everyone for your help!