Forgot Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

Username* Please type your username.

E-Mail* Please type your E-Mail.

Question Title* Please choose an appropriate title for the question so it can be answered easily.

Category* Please choose the appropriate section so the question can be searched easily.

Tags Please choose suitable Keywords Ex: question, poll.

Is this question is a poll? If you want to be doing a poll click here.

Image poll?

Featured image

Browse

Details*

Type the description thoroughly and in details.

Ask Anonymously

Add a Video to describe the problem better.

Video type Choose from here the video type.

Video ID Put Video ID here: https://www.youtube.com/watch?v=sdUUx5FdySs Ex: "sdUUx5FdySs".

Get notified by email when someone answers this question.

By asking your question, you agree to the Terms of Service and Privacy Policy .*

Ask A Question

Asked: June 12, 20252025-06-12T13:31:44+00:00 2025-06-12T13:31:44+00:00In: Cybersecurity

Why do repeated failed login attempts not get blocked even though I enabled brute-force protection?

Benedict PierBegginer

A WordPress site and its firewall show that brute-force protection is enabled.
Attackers are making thousands of login attempts from different IPs.
No IPs are getting banned, and the logs show everything as “allowed.”
The site is running behind a CDN and a load balancer.