WordPress.org

Ready to get started?Download WordPress

Forums

iThemes Security (formerly Better WP Security)
[resolved] bwps not blocking post requests. (4 posts)

  1. supawiz6991
    Member
    Posted 9 months ago #

    Hello,

    So I discovered today the following:

    A person had been trying to Brute force the login page on my site. bwps stepped in and locked them out after 5 attemps and after few hours of this bwps perma banned the ip as a repeat offender.

    To my surprise the lockout notices kept coming for the same ip address but its supposed to be banned.... through some testing I found that when wpbs bans someone the way it writes the rules it doesn't ban them from using the post method.

    Note*: the login limits do temp ban the ip for excessive bad login attempts...but thats only temporary.

    http://wordpress.org/plugins/better-wp-security/

  2. supawiz6991
    Member
    Posted 9 months ago #

    This needs to be fixed. The bots/hackers are discovering this flaw and are exploiting it more and more.

  3. supawiz6991
    Member
    Posted 8 months ago #

    This issue has yet to be fixed. It is becoming a bigger security issue. More and More attacks are exploiting this. When will we see a fix?

  4. supawiz6991
    Member
    Posted 1 month ago #

    Fixed :)

Reply

You must log in to post.

About this Plugin

About this Topic

Tags

No tags yet.