Seeing Login Attempts After an IP Address Has Been Denied by IP Access Rules

It's common to see blocked IPs making login attempts. They are not a threat, and will fail.

To stop a malicious login attempt completely, users would need to filter all traffic that goes to their website before it hits the WordPress installation. This is only possible when users have an extra layer of software called a "reverse proxy".

With a reverse proxy, all requests to a website, including login attempts, first hit that proxy, and if the proxy is smart enough, it will deny the bad requests and allow the good ones. Then the good requests will hit the website.
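The filtering described above, sketched as an added example that is not part of the original page or the plugin's own configuration: an nginx reverse proxy that rejects denied addresses on the login endpoint before the request reaches WordPress. The backend address `127.0.0.1:8080`, the host name `example.com`, the zone name `wp_login` and the denied addresses (documentation ranges) are assumptions.

```nginx
# Added example: assumed nginx reverse proxy in front of a WordPress backend.
# 203.0.113.7 and 198.51.100.0/24 are constructed documentation addresses;
# example.com and 127.0.0.1:8080 are placeholder values.

# Shared-memory zone for per-client rate limiting of login requests.
limit_req_zone $binary_remote_addr zone=wp_login:10m rate=10r/m;

server {
    listen 80;
    server_name example.com;

    # Login endpoint: a denied client gets 403 from the proxy itself.
    # The request is never forwarded, so WordPress (and any login
    # plugin running inside it) has nothing to log for that client.
    location = /wp-login.php {
        deny  203.0.113.7;
        deny  198.51.100.0/24;
        allow all;

        # Clients that are not denied are still throttled here.
        limit_req        zone=wp_login burst=5 nodelay;
        limit_req_status 429;

        proxy_pass       http://127.0.0.1:8080;
        proxy_set_header Host $host;
        # Behind a proxy, WordPress sees the proxy's address as the
        # client. Forward the real one so IP-based rules inside
        # WordPress keep working; the site must be set up to read
        # this header only from the trusted proxy.
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # Everything else passes through to the WordPress backend.
    location / {
        proxy_pass       http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

Without such a layer, the same denied request reaches WordPress, is rejected there, and still shows up in the login log.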

There are 2 main problems with reverse proxies:

  1. They are usually not easy to implement, and hiring a web developer is required. Users will have to give the developer access to their domain management console and/or their hosting account console. Also, users will have to install additional WordPress plugins that will make their site compatible with the proxies.

  2. The most popular proxies are generic. They are not dedicated to WordPress exclusively; instead, they try to cover all websites. Hence they have much less information to decide whether a request is bad or not, compared to more focused solutions like Limit Login Attempts Reloaded.

A typical WordPress installation doesn't use a proxy, and all requests will reach the website. At this point, the Limit Login Attempts Plugin comes into play. The plugin decides if a request is legit enough to at least let it try to log in, and if it's not, it stops the attempt right away.

Since all requests get to the site, users see the login attempts in their log even after they have denied the related IPs, usernames or countries. All of them will get denied.

There is no comprehensive way to stop the attempts completely without using an extra piece of software called a "reverse proxy", but using the Limit Login Attempts Reloaded plugin will deny the malicious attempts.
