Ban Usernames

  • Resolved outbwebdev

    (@outbwebdev)


    3 years, 8 months ago

    Hello!

    We have daily brute force attacks on our site, and what I’ve found is the bots are somehow scraping the “nicknames” for users who create the blog posts and using those as username attempts. We already have the blog set to not show the authors and I have ensured the nicknames are all very different from the actual usernames, along with all of the recommended security settings within iThemes.

    As I know what username they are most often trying, and it is not a match for any actual usernames, I would like to set an auto-ban for IPs that attempt to use the targeted username.

    Is there a way to do that within iThemes? From what I have seen, I can only create a ban list for specific IPs, and not a ban triggered by the use of a specific username.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support chandelierrr

    (@shanedelierrr)

    3 years, 8 months ago

    Hi @outbwebdev,

    Unfortunately, there isn’t a way to ban a username other than “admin” in the settings, but this is a current feature request. However, I am unable to provide you with an exact date for when this feature will be available or if it is possible, as there are certain factors to consider before implementing one.

    You could try increasing the chances of an IP getting blocked instead of just getting locked out by tweaking your Lockouts Global Settings: decreasing the Ban Threshold and lowering the lockout period (less than 15 mins).

    I hope this helps!

    Thread Starter outbwebdev

    (@outbwebdev)

    3 years, 8 months ago

    Understood. Thank you for your assistance!

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Ban Usernames’ is closed to new replies.