Satico

Hello, mbrsolution! I have same problem. I have carefully read the whole topic and repeat all your recommendations.

1. WP Security -> Firewall -> Basic Firewall Rules
– Completely Block Access To XMLRPC (always checked)
– Disable Pingback Functionality From XMLRPC (always checked)

2. The IP range which is still getting through is:
178.158.247.* – 200 OK
178.137.*.* – he gets many redirect like this
my-site.ru 178.137.16.194 – – [14/Jan/2017:02:58:26 +0300] “GET /my-page/ HTTP/1.1” 301 – “http://taganrog.xxxrus.org/” “Mozilla/4.0 (compatible- MSIE 6.0- Windows NT 5.1- SV1- .NET CLR 1.1.4322”

3. The plugin log files found under Dashboard “AIOWPS Logs” are ALWAYS empty. Two files:
– wp-security-log.txt
– wp-security-log-cron-job.txt

I check these files from May 2016 and they are always empty! I thought it should be.

4. When I using a browser go to the following URL: <my-site-url>/xmlrpc.php I see the error 405 Not Allowed. Is that bad?

5. Try the following, deactivate the plugin and reactivate it again. Then carry a test and check the log file again.
Still empty!

6. Deactivate the plugin and delete the plugin. Then install a fresh copy of the plugin. Then carry out some test to see if the log file populates.
I removed, installed, tested <my-site-url>/xmlrpc.php, then go to Dashboard “AIOWPS Logs”:
– wp-security-log.txt – empty
– wp-security-log-cron-job.txt – empty

nothing helps 🙁

P.S. I have the latest version of your plugin and WordPress version is 4.5.4.
P.P.S. sorry for my google-translate english 🙁