Hi, I’m getting constant login failure message from my website howtosection.com. After checking the logs I found it is an XMLRPC attack. I read somewhere that disabling xmlrpc is the only best solution, but since I use Jetpack and Wordpress app on mobile I cannot do that. I have added security plugins and also password protected wp-login page as a second layer protection, enabled protection in Jetpack options, Have added WordFence. But I still get the same login failure warning almost every 30 minutes. I can see Wordfence is blocking those IPs but it just keeps happening from different IPs Can anyone please help me with this?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.