WordPress.org

Forums

Limit Login Attempts
CloudFlare report (1 post)

  1. Viktor Szépe
    Member
    Posted 2 years ago #

    Could I detect a lockout by:

    function errorlog_failure_shake($error_codes) {
      if (in_array('too_many_retries', $error_codes)) error_log('LLA: CloudFlare ban IP');
      return $error_codes;
    }
    add_filter('shake_error_codes', 'errorlog_failure_shake', 100000);

    It works only in downloaded login forms.
    Not working on

    • auth cookies
    • DoS HTTP/HEAD requests to wp-login
    • DoS requests to pw reset, signup

    Could you do a do_filter('limit_login_lockout') every time LLA finds out there is a lockout?
    e.g. I would add_filter() sleep or IP blocking to offload my server or error_log or write a rule to .htaccess etc.

    http://wordpress.org/extend/plugins/limit-login-attempts/

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Limit Login Attempts
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic