WordPress.org

Ready to get started?Download WordPress

Forums

Limit Login Attempts
[resolved] feature suggestion (8 posts)

  1. Ovidiu
    Member
    Posted 2 years ago #

    would it be possible to define the action that happens when someone is being locked out?

    i.e. isntead of locking him out, I'd prefer to send a command i.e. apf -d IP and thus banning him via iptables.
    when he should get unlocked a similar apf -a IP would unblock that IP again.

    http://wordpress.org/extend/plugins/limit-login-attempts/

  2. Stergos
    Member
    Posted 2 years ago #

    I have several people everyday which trying to login as admin.

    If there was a feature which automatically ban IP when someone attempt to login with a specific username i.e. "admin" would be very useful!

  3. johanee
    Member
    Plugin Author

    Posted 2 years ago #

    Ovidiu,

    I'll add an action "limit_login_lockout" to the lockout path. Look for it in version 1.7.1. I would be very careful, though, with automatic firewall rules.

    Stergos,

    If you have this plugin + a somewhat decent password they will never break in. It can still be very annoying though, which is reason enough to ban the IP I guess.

  4. Ovidiu
    Member
    Posted 2 years ago #

    thanks johanee.
    I know automatic blacklisting is dangerous but if you carefully chose the limits and the blacklist duration they work great.

  5. johanee
    Member
    Plugin Author

    Posted 2 years ago #

    My working version (not availible in SVN yet) makes it an action with IP as argument.

    Would you need anything else for your use case? Lockout duration?

  6. Ovidiu
    Member
    Posted 2 years ago #

    I'm not a programmer, so I am not 100% sure what your solution looks like.
    Ideally, I would like to have the option of setting the "ban-time-duration" and the command I'd like executed, but on the other hand I just realized, that might not work if the site is on a server where everything is properly secured. I mean executing a firewall command that will ad the IP to the iptables firewall will probably not be feasible.

    What are your thoughts on this?

    I brought the idea up as I thought it would take a lot of load off a server to have "bad guys" blocked straight away by iptables instead of going through apache just to serve a "bugger off" message...

  7. johanee
    Member
    Plugin Author

    Posted 2 years ago #

    This woul require whatever user the webserver runs as to have the permissions to change iptables. Probably not a good idea, really.

    It would perhaps be more reasonable to restrict the ip in the .htaccess file. I would prefer not to have to do this myself for now, but with a normal WP action it would be possible for someone else to creatw this functionality.

  8. Ovidiu
    Member
    Posted 2 years ago #

    jepp, I got that idea when you said you'd made it into an action, so you can call it anytime wanted from a plugin or via functions.php

    And you are right about the risks, I only saw the repercussions of what I was asking for in my last post :-) glad you confirmed my suspicions and under these circumstances offering it as an action is cool, its now up to the end user what he does with it, especially since using it requires some advanced knowledge so that makes sure nobody does any nonsense with it by chance.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic