WordPress.org

Ready to get started?Download WordPress

Forums

Limit Login Attempts
CloudFlare report (1 post)

  1. szepe.viktor
    Member
    Posted 1 year ago #

    Could I detect a lockout by:

    function errorlog_failure_shake($error_codes) {
      if (in_array('too_many_retries', $error_codes)) error_log('LLA: CloudFlare ban IP');
      return $error_codes;
    }
    add_filter('shake_error_codes', 'errorlog_failure_shake', 100000);

    It works only in downloaded login forms.
    Not working on

    • auth cookies
    • DoS HTTP/HEAD requests to wp-login
    • DoS requests to pw reset, signup

    Could you do a do_filter('limit_login_lockout') every time LLA finds out there is a lockout?
    e.g. I would add_filter() sleep or IP blocking to offload my server or error_log or write a rule to .htaccess etc.

    http://wordpress.org/extend/plugins/limit-login-attempts/

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic