bbPress login widget brute force | WordPress.org

Sybre Waaijer
(@cybr)

9 years ago

Hello,

When bbPress’ login widget is used, no log files are created for when a user types in a wrong login name/password combination.

This is regarding a multisite setup with WPMUdev Domain Mapping.

Also, the http://ithemes.us2.list-manage.com/subscribe/post?u=7acf83c7a47b32c740ad94a4e&id=5176bfed9e thingy is insecure on a HTTPS connection, this should be checked with is_ssl() 🙂
This should be discussed with MailChimp as accessing their page also results in mixed content errors but AFAIK they fully support SSL connections 😀

So that’s pretty much it. Keep up the good work!
Next to BruteProtect (due to be canceled and is SUPER SLOW with their API calls + replaced with JetPack with their bloated and weird MultiSite setup) your plugin seems to be the best regarding brute force protection ^^

Thanks!

https://wordpress.org/plugins/better-wp-security/

Viewing 2 replies - 1 through 2 (of 2 total)

iThemes Support
(@ithemes-support)

8 years, 12 months ago

Hey Cybr,

Thanks for reporting this. I’ll make sure the developer is aware!

Thanks,

Gerroald

szfpro
(@szfpro)

8 years, 12 months ago

same thing for WooCommerce login.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘bbPress login widget brute force’ is closed to new replies.

In: Plugins
2 replies
3 participants
Last reply from: szfpro
Last activity: 8 years, 12 months ago
Status: not resolved