WordPress.org

Ready to get started?Download WordPress

Forums

Login Security Solution
Feature Question (2 posts)

  1. gwc_wd
    Member
    Posted 2 years ago #

    Daniel, is there a chance that in a future version you might make lock out optional rather than forcing the slow down method?

    There appears to be a lot in this plugin that I would appreciate, but I'm hung up on the lock out issue.

    Whatever may be most common, my most recent experience is that attacks are being coded to pause on a target and then resume. Using Limit Login Attempts, I've increased the lockout time progressively to 3 months because of the persistence of the bots. So if they are never locked out, they may just keep doggedly hitting the site until who knows if they get lucky?

    A side question while I'm abusing your expertise: do you believe captcha at login is an effective addition against brute force and does your plugin detect a failed login attempt due to a failed captcha as a "fail" that needs to be dealt with either with the slowdown or some day with an optional lockout?

    Thank you for contributing your skills to the WP community and your obvious commitment to making this plugin a valuable security tool.

    http://wordpress.org/extend/plugins/login-security-solution/

  2. Daniel Convissor
    Member
    Plugin Author

    Posted 2 years ago #

    I don't want to use lockouts. The FAQ explains why.

    While CAPTCHAs can help with some attackers, automated procedures exist for outsourcing people to fill them in if the attacker so desires. My plugin only handles login errors for invalid user names or password, since that's what the core of WP provides information about. It'd be impractical to support other plugins in this process, sorry.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.