iThemes Security (formerly Better WP Security)
Feature Request: Automatically Block wp-admin if more than XX lockouts happened (2 posts)

  1. kostyay
    Posted 2 years ago #

    It seems that attackers got more sophisticated and are attacking from several ips at the same time to bypass the Lockout notification.

    Can you add a feature that would temporary block the admin panel for everybody after a given number of failed login attemps? Lets say there are 3 lockouts in the timespan on XX minutes I want wp-admin to be blocked entirely for few hours.

    At the moment I have to connect with my phone and manually block that with .htaccess rule to stop the attack.



  2. Handoko
    Posted 2 years ago #

    1. Goto menu > Security > Login Limits > turn on the Enable Login Limits.
    2. Goto menu > Security > Login Limits > turn on the Blacklist Repeat Offender and it will automatically ban the repeated visitors.
    3. Goto menu > Security > Login Limits > set value:3 for Blacklist Threshold.

    You don't have to edit the .htaccess file, you can put the IPs on this plugin by goto menu > Security > Ban Users > turn on the Enable Banned Users and put the IPs on Ban Hosts.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic


No tags yet.