• Unless I’m missing it, WordPress needs better protection against password guessing attacks. One IP tried to break into one of my blogs using over 500 passwords in 20 mins. Shouldn’t there be a longer waiting period and/or a limit on attempts?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter Stephen Coles

    (@stewf)

    I was recommended the Login LockDown plugin. Seems like this is functionality that should be part of the core install, no?

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Advisor and Activist

    There’s no plan at this time. Brute force password attacks are frustrating, but login lockdown has its own issues (like if you typo and lock yourself out, it takes more skill than many new users have to unlock it, or they’d have to wait, and in the meantime, they’d come here and complain). The payoff is less than you’d think, and even with a lockout, it’s blocking by IP, which can be easily changed.

  • The topic ‘Security issue: password guessing’ is closed to new replies.
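
The trade-off discussed in this thread, as an added example that is not WordPress or Login LockDown code: a throttle that answers repeated failures with a growing, capped delay instead of a hard lockout, and that can count failures per account as well as per source IP. The class, function and parameter names, the `admin` account, the 0.1-second request cost and the 203.0.113.x addresses (documentation range) are all constructed for illustration.

```python
import time
from collections import defaultdict

class LoginThrottle:
    """Progressive delay instead of a hard lockout (illustrative, not WordPress code)."""

    def __init__(self, per_account=True, free_attempts=3, base_delay=2.0,
                 max_delay=900.0, window=1200.0):
        self.per_account = per_account      # False = throttle by source IP only
        self.free_attempts = free_attempts  # failures (typos) that cost nothing
        self.base_delay = base_delay        # seconds; doubles with each further failure
        self.max_delay = max_delay          # cap, so nobody is locked out for good
        self.window = window                # failures older than this are forgotten
        self.failures = defaultdict(list)   # key -> timestamps of failed logins

    def _keys(self, username, ip):
        keys = [("ip", ip)]
        if self.per_account:
            keys.append(("user", username.lower()))
        return keys

    def _wait(self, key, now):
        recent = [t for t in self.failures[key] if now - t < self.window]
        self.failures[key] = recent
        extra = len(recent) - self.free_attempts
        if extra <= 0:
            return 0.0
        delay = min(self.base_delay * 2 ** (extra - 1), self.max_delay)
        return max(0.0, recent[-1] + delay - now)

    def retry_after(self, username, ip, now=None):
        """Seconds the caller must wait before this login attempt is processed."""
        now = time.time() if now is None else now
        return max(self._wait(k, now) for k in self._keys(username, ip))

    def record_failure(self, username, ip, now=None):
        now = time.time() if now is None else now
        for k in self._keys(username, ip):
            self.failures[k].append(now)

def guesses_allowed(throttle, duration=1200.0, rotate_ip=False):
    """Simulated clock: failed logins one account admits in `duration` seconds."""
    now, attempts = 0.0, 0
    while True:
        ip = f"203.0.113.{attempts % 250 + 1}" if rotate_ip else "203.0.113.7"
        now += throttle.retry_after("admin", ip, now)
        if now >= duration:
            return attempts
        throttle.record_failure("admin", ip, now)
        attempts += 1
        now += 0.1  # constructed cost of one request
```

With these constructed settings, counting per account holds one account to 13 guesses in 20 minutes whether or not the source address changes, while counting by IP alone lets a client that rotates addresses stay far above the 500 guesses reported in the first post.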