Automatically block IP addresses of "admin" and other known bad usernames

Resolved game writer
(@scrybbler)

8 years, 2 months ago

Hi folks!

I see that 2 years ago, Peter Petreski said you guys would consider adding this feature, which is also in the Wordfence and IP Blacklist plugins: https://wordpress.org/support/topic/site-lockout-and-banning-ips?replies=5

Has there been any verdict on it? I would love to see this in AIOWSAW because I don’t like Wordfence and I don’t want to run IP Blacklist and AIOWSAW at the same time.

https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/

Viewing 10 replies - 1 through 10 (of 10 total)

Česlav Przywara
(@chesio)

8 years, 2 months ago

I would love to have this feature in AIOWPSF too!

Plugin Contributor wpsolutions
(@wpsolutions)

8 years, 2 months ago

We’ll see what we can do.

Thread Starter game writer
(@scrybbler)

8 years, 1 month ago

Thanks guys! (And chesio 🙂

Plugin Contributor wpsolutions
(@wpsolutions)

7 years, 6 months ago

This is resolved since the addition of the “Instantly Lockout Invalid Usernames” checkbox in the Login Lockdown settings.

Česlav Przywara
(@chesio)

7 years, 6 months ago

Well, the reason why I had never used “instant lockout” is that any mistyped or mistaken username is immediately blocked and on my websites it would do more damage than good.

The idea here is to only block IPs that try to log in using specific usernames (configured in plugin settings). I’ll have a look how hard this would be to implement.

Thread Starter game writer
(@scrybbler)

7 years, 6 months ago

Thank you Chesio…! That’s exactly it.

For example, IMHO every site should autoblock any IP that tries to log in with the invalid username “admin”. But I don’t want to be blocked immediately if I have a typo in my username.

Honestly the “Instantly Lockout Invalid Usernames” is a negative feature and I think it should be removed in future versions.

Česlav Przywara
(@chesio)

7 years, 6 months ago

Hi,

The feature is now available in the plugin.

Enjoy! 😉

Thread Starter game writer
(@scrybbler)

7 years, 5 months ago

Yessss!
This is in version 4.1.9, right? Where do I find it? I looked under User Accounts, User Login, Blacklist, Firewall, Brute Force, SPAM… couldn’t spot it.

Česlav Przywara
(@chesio)

7 years, 5 months ago

It is under User Login > Login Lockdown (below Instantly Lockout Invalid Usernames option).

Thread Starter game writer
(@scrybbler)

7 years, 5 months ago

Brilliant…! I look forward to greatly increased hacker frustration!

Viewing 10 replies - 1 through 10 (of 10 total)

The topic ‘Automatically block IP addresses of "admin" and other known bad usernames’ is closed to new replies.

Tags