Wordfence and WordPress

So I started using Wordfence security plugin for WordPress, the blog application used on my web server, a few months ago and the logs have proved to be very interesting.  Initially, I noticed that my user name was being tried in addition to the default WordPress user of Admin and occasionally some weird logins like “ugg boots”.  In response, I went to the effort to change my WordPress user name to something that was not like the domain name and so far I have not seen any attempts to login using the new user name.  What is interesting are where the attempted logins come from and how many get blocked, and today I started noticing attempted logins for the username “tim” in addition to the attempts for “timbrown”.  Below is a copy of the latest logins and some of the IP addresses are clearly spoofed as they are RFC1918 addresses (not routable on the Internet) or the Google public DNS server address of 8.8.8.8.  If you use WordPress, I highly recommend Wordfence for both the protection it offers and the data it gathers for building intelligence about the attacks your WordPress installation is seeing on a regular basis.

An unknown location at IP 186.155.163.190 attempted a failed login using an invalid username “Tim”.
IP: 186.155.163.190
Hostname: adsl186-155163190.dyn.etb.net.co
43 minutes ago
Korea, Republic of Ansan, Korea, Republic of attempted a failed login using an invalid username “Tim”.
IP: 175.117.162.88
2 hours 46 mins ago
Palestinian Territory Palestinian Territory attempted a failed login using an invalid username “Tim”.
IP: 178.214.94.216
6 hours 22 mins ago
Taiwan Changhua, Taiwan attempted a failed login using an invalid username “Tim”.
IP: 118.170.88.250
Hostname: 118-170-88-250.dynamic.hinet.net
8 hours 17 mins ago
Thailand Thailand attempted a failed login using an invalid username “Tim”.
IP: 110.77.239.220
10 hours 17 mins ago
Thailand Bangkok, Thailand attempted a failed login using an invalid username “Tim”.
IP: 115.87.206.20
Hostname: ppp-115-87-206-20.revip4.asianet.co.th
14 hours 37 mins ago
Peru Lima, Peru attempted a failed login using an invalid username “Tim”.
IP: 190.238.138.106
17 hours 18 mins ago
Peru Lima, Peru attempted a failed login using an invalid username “Tim”.
IP: 190.238.50.104
21 hours 6 mins ago
Russian Federation Surgut, Russian Federation attempted a failed login using an invalid username “Tim”.
IP: 31.162.189.165
23 hours 44 mins ago
Turkey Istanbul, Turkey attempted a failed login using an invalid username “Tim”.
IP: 78.169.221.152
Hostname: 78.169.221.152.dynamic.ttnet.com.tr
1 day 1 hour ago
Russian Federation Kopeysk, Russian Federation attempted a failed login using an invalid username “Tim”.
IP: 46.235.251.99
1 day 3 hours ago
Mongolia Ulaanbaatar, Mongolia attempted a failed login using an invalid username “Tim”.
IP: 182.160.4.122
1 day 5 hours ago
Iraq Iraq attempted a failed login using an invalid username “Tim”.
IP: 130.193.157.212
1 day 7 hours ago
Kazakhstan Almaty, Kazakhstan attempted a failed login using an invalid username “admin”.
IP: 2.132.25.66
Hostname: 2.132.25.66.megaline.telecom.kz
1 day 20 hours ago
United States Fremont, United States attempted a failed login using an invalid username “Tim”.
IP: 68.68.96.106
1 day 23 hours ago
Thailand Thailand attempted a failed login using an invalid username “Tim”.
IP: 171.4.250.90
Hostname: mx-ll-171.4.250-90.dynamic.3bb.co.th
2 days 2 hours ago
Peru Huanchaco, Peru attempted a failed login using an invalid username “Tim”.
IP: 190.233.15.249
2 days 4 hours ago
Iceland Iceland attempted a failed login using an invalid username “admin”.
IP: 82.221.99.232
Hostname: tor-exit.burratino.net
2 days 10 hours ago
Ukraine Ukraine attempted a failed login using an invalid username “annabobs”.
IP: 195.211.214.180
Hostname: client-214-180.expressnikopol.net.ua
2 days 18 hours ago
3 days 18 hours ago
Brazil Fortaleza, Brazil attempted a failed login using an invalid username “admin”.
IP: 186.213.9.158
Hostname: 186.213.9.158.static.host.gvt.net.br
6 days 16 hours ago
United States Seattle, United States attempted a failed login using an invalid username “ugg boots”.
IP: 216.244.71.19
6 days 17 hours ago
Ukraine Vinnitsa, Ukraine attempted a failed login using an invalid username “admin”.
IP: 178.74.241.241
Hostname: cpe-178-74-241-241.enet.vn.ua
6 days 20 hours ago
Ukraine Ukraine attempted a failed login using an invalid username “admin”.
IP: 77.120.108.186
Hostname: hosting-service.com.ua
6 days 20 hours ago
Ukraine Ukraine attempted a failed login using an invalid username “admin”.
IP: 188.190.99.79
Hostname: sa.net.ua
6 days 23 hours ago
United States Bridgeport, United States attempted a failed login using an invalid username “admin”.
IP: 24.213.143.110
Hostname: rrcs-24-213-143-110.nys.biz.rr.com
7 days 11 hours ago
United States Mountain View, United States attempted a failed login using an invalid username “timbrown”.
IP: 8.8.8.8
Hostname: google-public-dns-a.google.com
7 days 11 hours ago
Ukraine Ukraine attempted a failed login using an invalid username “admin”.
IP: 95.141.27.41
7 days 14 hours ago
Bulgaria Bulgaria attempted a failed login using an invalid username “admin”.
IP: 87.126.233.83
Hostname: 87-126-233-83.btc-net.bg
7 days 19 hours ago
United States Seattle, United States attempted a failed login using an invalid username “purple ugg boots”.
IP: 216.244.85.234
8 days ago
Russian Federation Surgut, Russian Federation attempted a failed login using an invalid username “admin”.
IP: 178.47.106.90
9 days 10 hours ago
Iran, Islamic Republic of Tehran, Iran, Islamic Republic of attempted a failed login using an invalid username “admin”.
IP: 94.183.0.201
Hostname: 94-183-0-201.rasana.net
9 days 10 hours ago
Iran, Islamic Republic of Dezful, Iran, Islamic Republic of attempted a failed login using an invalid username “admin”.
IP: 188.245.137.119
9 days 10 hours ago
Philippines Batangas, Philippines attempted a failed login using an invalid username “admin”.
IP: 112.208.109.155
Hostname: 112.208.109.155.pldt.net
9 days 10 hours ago
An unknown location at IP 10.0.0.67 attempted a failed login using an invalid username “admin”.
IP: 10.0.0.67
9 days 10 hours ago
Yemen Yemen attempted a failed login using an invalid username “admin”.
IP: 82.114.178.200
Hostname: adsl-82-114-178-200.dynamic.yemennet.ye
9 days 10 hours ago
Malaysia Malaysia attempted a failed login using an invalid username “admin”.
IP: 183.171.167.114
9 days 10 hours ago
An unknown location at IP 10.0.0.67 attempted a failed login using an invalid username “timbrown”.
IP: 10.0.0.67
9 days 10 hours ago
Iran, Islamic Republic of Iran, Islamic Republic of attempted a failed login using an invalid username “admin”.
IP: 2.178.10.100
9 days 11 hours ago
Philippines Manila, Philippines attempted a failed login using an invalid username “timbrown”.
9 days 11 hours ago
An unknown location at IP 10.0.0.67 attempted a failed login using an invalid username “admin”.
IP: 10.0.0.67
9 days 11 hours ago
An unknown location at IP 5.52.24.174 attempted a failed login using an invalid username “timbrown”.
IP: 5.52.24.174
9 days 11 hours ago
Ukraine Lvov, Ukraine attempted a failed login using an invalid username “admin”.
IP: 178.95.108.172
Hostname: 172-108-95-178.pool.ukrtel.net
9 days 11 hours ago
United Kingdom Hengoed, United Kingdom attempted a failed login using an invalid username “timbrown”.
IP: 91.108.133.103
9 days 11 hours ago
Saudi Arabia Saudi Arabia attempted a failed login using an invalid username “timbrown”.
IP: 86.60.61.116
9 days 11 hours ago

One thought on “Wordfence and WordPress”

  1. Update: About six months ago, I started using the iThemes Security plugin instead of Wordfence as the iThemes plugin covers more options for securing a WordPress site and has a good list of checks to verify the settings. iThemes along with the Captcha by BestWebSoft plugin has practically eliminated bogus attempted logins.

Leave a Reply

Your email address will not be published. Required fields are marked *