Since I’ve installed a Xstore theme a few days ago, I’ve detected a big increase on login attemps that are being locked by the Sucuri Security plugin. It seems likely my site is under a password guessing brute-force attack and I suspect it could be caused by one of the plugins installed with the XStore theme. Could it be? There’s any way to prevent this bot attacs?
Site URL: hidden Theme version: 0.0.1 WooCommerce version: 3.3.5
We don’t have information that any plugin included in our theme or any theme code could cause such problem. Anyway, you can disable them one by one and check if you still have the attacks.
Also, you may try WPS Hide Login plugin, sometimes it helps to avoid force attacks.