iThemes Security (formerly Better WP Security)
[resolved] bwps not blocking post requests. (4 posts)

  1. supawiz6991
    Posted 2 years ago #


    So I discovered today the following:

    A person had been trying to Brute force the login page on my site. bwps stepped in and locked them out after 5 attemps and after few hours of this bwps perma banned the ip as a repeat offender.

    To my surprise the lockout notices kept coming for the same ip address but its supposed to be banned.... through some testing I found that when wpbs bans someone the way it writes the rules it doesn't ban them from using the post method.

    Note*: the login limits do temp ban the ip for excessive bad login attempts...but thats only temporary.


  2. supawiz6991
    Posted 2 years ago #

    This needs to be fixed. The bots/hackers are discovering this flaw and are exploiting it more and more.

  3. supawiz6991
    Posted 2 years ago #

    This issue has yet to be fixed. It is becoming a bigger security issue. More and More attacks are exploiting this. When will we see a fix?

  4. supawiz6991
    Posted 1 year ago #

    Fixed :)

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic


No tags yet.