After the generic recommendations from Binero a few weeks ago for the “All in one WordPress Security & Firewall plugin” I decided to give it a try.
At first I implemented it only for one of my test blogs, but quickly noticed several nice features and proceeded to implement it on all my sites.
This worked really fine, and while I’ve only enabled a subset of the settings so far it seems to have some effect, since one of the things I did enable was the brute force login prevention, including the email stats for when someone is blocked. Little did I think it would be about 10-20 attempts per day, every day.
And while this may not be much in comparison, at least I assume larger sites have much more of this behavior, it was still comforting to see this is now being blocked. And yet, I am still somewhat uncertain how come there can be over 10-20 login attempts daily and no sign of these in the website statistics?
If they’re coming to the site they ought to show up in the stats, and if they’re not, how are they trying to login? Clearly I need to see if I can find out more on how the stats are actually collected.