WordPress.org

Ready to get started?Download WordPress

Forums

Limit Login Attempts
Several Notifications For IP Block... (2 posts)

  1. ayaz4friends
    Member
    Posted 3 years ago #

    Thank you again for making this really useful plugin. The plugin has recorded and blocked a lots of ip addresses. What should I do now or what can I do to make the attackers away from my site? Is there any law or something like that? thanks.

  2. johanee
    Member
    Plugin Author

    Posted 3 years ago #

    I cannot comment on your legal situation.

    If you are under active attack I would recommend:
    1. Make sure you use strong passwords (12+ truly random characters). Personally I use a password manager and 15-20 character passwords because, why not?
    2. Most bot-style attacks go for the "admin" user. You might want to avoid this username if possible.
    3. Perhaps strengthen the plugin options somewhat: 2-3 allowed attempts, 24h for retries to reset.

    If you have a strong password it is almost impossible to brute force it when login attempts are limited. We're talking age of the universe timespans here.

    If they truly hammer your site it is still annoying of course, and possibly a performance/DDOS issue if they go all out. In that case you might want to look into blocking the IP in htaccess.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic