WordPress.org

Ready to get started?Download WordPress

Forums

Login Security Solution
[resolved] Threat Info & Cloudflare Integration (Suggestions for Future Updates) (4 posts)

  1. Mike
    Member
    Posted 1 year ago #

    Hi, Daniel.

    I've been using your LSS plugin for a few client sites, and am pleased with its performance.

    If you're open to suggestions, I have a couple I'd like to propose:

    1) It would be great if you could provide more information when the site is under attack. The single email is fine (much better than the mail flood I was getting before), but I would like to see more about what is actually happening. For example, I'd like to see the full IP address that is generating the threat. What username and password combos are being tried? How many attempts have been made? How long has the site been under attack? How much is LSS slowing down the attack?

    And if it's not too much to ask, it would also be useful to know where the threat is originating.

    I know some of this info is in the database and elsewhere, but ideally, I'd like to see this threat status displayed in the admin panel where both my clients and I can review it.

    (Clients, as a generally rule, have a very hard time believing the frequency of hacking attempts that occur on their sites. More easily accessible threat data is better.)

    2) In addition to your plugin, I use Cloudflare's caching and threat detection. In general, Cloudflare is able to identify and block known threats and known spammers, but it does not identify new threats or new spammers. It's up to its users to report them so they're added to its threat database.

    It would be great if there was an easy interface between your login security solution plugin and cloudflare. Admittedly, I have no idea how difficult that might be to code, but it would be a useful addition if it's not a great deal of work.

    Kudos for all of your work. This is a very useful tool!

    All the Best,

    Mike

    http://wordpress.org/extend/plugins/login-security-solution/

  2. damoncloudflare
    Member
    Posted 1 year ago #

    "but it does not identify new threats or new spammers."

    I'm not sure I'm following this. If our data sources have new threats or spammers identified, then this will trigger the challenge behavior as well (this updates basically in real time).

  3. Mike
    Member
    Posted 1 year ago #

    Sorry I wasn't clear.

    If the LLS plugin identifies, for example, a brute force attack in progress, it is likely that the challenge behavior is not triggered by cloudflare.

  4. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    Hi Mike:

    Adding means to view and report on the failures is a good idea and is on my to do list, but it's a low priority. Adding hooks to external providers is beyond the scope of this plugin. The reason for both of these answers is that creating and maintaining the existing functionality has been and continues to be a large enough task.

    Thanks for your feedback and suggestions,

    --Dan

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic