So I discovered today the following:
A person had been trying to Brute force the login page on my site. bwps stepped in and locked them out after 5 attemps and after few hours of this bwps perma banned the ip as a repeat offender.
To my surprise the lockout notices kept coming for the same ip address but its supposed to be banned…. through some testing I found that when wpbs bans someone the way it writes the rules it doesn’t ban them from using the post method.
Note*: the login limits do temp ban the ip for excessive bad login attempts…but thats only temporary.
- The topic ‘bwps not blocking post requests.’ is closed to new replies.