WordPress.org

Ready to get started?Download WordPress

Forums

WordPress Login Delay
Explanation missing if not even misleading (2 posts)

  1. hakre
    Member
    Posted 10 months ago #

    This is the plugins description:

    WP Login Delay is a plugin that adds a one second delay when logging into the system in order to slow down any brute-force attack on your website.

    The first part is clear to me so far:

    WP Login Delay is a plugin that adds a one second delay when logging into the system

    But the second part needs explanation. You write:

    in order to slow down any brute-force attack on your website.

    The relationship between adding a one second delay per a single request while having a multi-request brute-force attackis not clear to me.

    In the end this delays the whole brute-force attack for exactly a single second which is so short that I'd say this is not slowing it down at all.

    Please fix the descrption, perhaps leave the brute-force attack completely out there? This gives a far more correct description then:

    WP Login Delay is a plugin that adds a one second delay when logging into the system. Nothing more and nothing less.

    http://wordpress.org/plugins/wp-login-delay/

  2. michael.damoiseau
    Member
    Plugin Author

    Posted 10 months ago #

    Hi Hakre,

    Thanks for your feedback on the plugin!

    I wrote this plugin after writing a post about brute force attack on my blog (http://damoiseau.me, in French only) where I was wondering if adding a delay to the login step would prevent any brute force attack to happen...

    Actually I don't think it will prevent any attack of this kind, but I do think that it can greatly slow down the process of finding your password. One second is not much for a human, but for a program it can be very long, especially when it has a long list of passwords to test.

    Any comment on my little theory more than welcome :)

Reply

You must log in to post.

About this Plugin

About this Topic

Tags

No tags yet.