Deactivating brute force protection (GDPR)

  • jenja

    (@jenja)


    7 years ago

    Hi,

    in preparation for the European GDPR I unfortunately have to deactivate ITheme’s brute force protection and replace this part of protection by Limit Login Attempts Reloaded which seems to have more of a GDPR compliance (although the protection might be a little weaker)

    So far I deactivated
    – local brute force protection
    – network brute force protection
    – banned users
    – and under global settings the blacklist repeat offender

    But I still receive information that IThemes has locked out users / hosts. Please inform me how I can generally deactive that ITheme is registerig any IP addresses of visitors?

    Thanks and kind regards

    Jenja

Viewing 3 replies - 1 through 3 (of 3 total)
  • cebln

    (@cebln)

    7 years ago

    The worst is that simply running the “Security Check” tries to reactivate all this.

    My suggestion (we are also asking whether this is still safe to use):
    There should be a main switch “USE IN EU/COMPLY TO GDPR” which, when enabled, would be hiding and disabling all that (now) illegal stuff, so it cannot by simple mistake be reactivated and cause legal trouble.

    cebln

    (@cebln)

    7 years ago

    added: From what I now about the new GDPR – there are problems if the plugin talks to external sources, like this network protection. Storing IP numbers temporarily for banning users trying a hacking would be covered by the rules (legitimate interests of the site owner). A storage in a blacklist over a long period of time can be problematic.

    cebln

    (@cebln)

    7 years ago

    and also, the backup: mailing unencrypted databases can also be a problem.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Deactivating brute force protection (GDPR)’ is closed to new replies.

Tags