WordPress.org

Ready to get started?Download WordPress

Forums

Botnet Attack Blocker
[resolved] Can you add a whitelist IP address during lockdown? (4 posts)

  1. fratony
    Member
    Posted 1 year ago #

    I really like the idea of this plugin as I am getting lots of hacking attempts across my sites. However, my only concern is that i get locked out myself and cannot log back in if I do not know the IP address I will be using in advance (i.e. when on the road).

    I have added my default IP address to the whitelist but often need to log into sites while travelling. If a lockdown is in progress am I stuck or is there any way (e.g. through FTP) that I can add my new IP address to the whitelist during a lockdown? If so, where does the whitelist file exist? (I can't see it in any of the plugin files or htaccess).

    If not, I fear to use the plugin as I could end up being locked out myself.

    Also, (as others have asked) is there any way to limit it to invalid user names? This would overcome the above problem as the lockdown would not effect me regardless of IP address because I would be using the correct username.

    Thanks, in advance, for the clarification.

    http://wordpress.org/extend/plugins/botnet-attack-blocker/

  2. cheesefather
    Member
    Plugin Author

    Posted 1 year ago #

    Hi, the whitelist is stored in the WordPress database (as all plugin settings are), so you could update it via phpMyAdmin or a similar tool.

    At the moment it does not differentiate invalid usernames, but if there is sufficient demand then I can add that feature. The recent distributed attack mostly used the username admin, which is valid on most systems, so it wouldn't have worked in that case.

    Thanks.

  3. Kevin
    Member
    Posted 1 year ago #

    cheesefather, I just added this and will be monitoring its behavior over the next few days.

    I agree with improper admin username being good functionality. I understand that too many people don't change their admin username in WordPress (not very intelligent, but oh well....) In my case, I did change it and I too have the same situation as fratony while traveling.

    If someone is security conscious enough to be using your plugin, one would hope that they change their admin username from admin! /;-{D Give it a thought about adding it in.

    BTW, at first glance, this looks to be an excellent plugin.

  4. cheesefather
    Member
    Plugin Author

    Posted 1 year ago #

    Thanks Kevin - I do have something like this coming in the development roadmap, probably an extra step (captcha) or a unique url to use during lockdowns - haven't quite decided yet!

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.