WordPress.org

Forums

Limit Login Attempts
Feature Request: Block username repeats (2 posts)

  1. chrispink
    Member
    Posted 1 year ago #

    I am having fun today, one of my sites is being brute force attempted 100s of times with different IPs I don't know whether they are real IPs of some kind of cloaking.

    But anyway, strikes me that if someone's tried 'admin' after one lockout or "dave' after 4 attempts that that username should be blocked for time A and then time B too no matter what IP. I have 4 login attempts so if I have password problems twice I make damn sure I know what it really is before trying again and a sensible adjunct to this plugin is an unusual username.

    Wonderful plugin though, lifesaver.

    A point worth noting is that some brute force attempts scan for authors so it's always wise to have your admin user not a post author.

    http://wordpress.org/extend/plugins/limit-login-attempts/

  2. gacb
    Member
    Posted 1 year ago #

    Try WordFence. It does that along with many other useful options. You can uncheck the option to send an email for both successful and unsuccesful logins if it gets too tiresome.

    I had a ton of attempts over the past 24 hours, but none broke through. It helps to have a long (at least 12 characters) meaningless password made from letters, numbers and symbols.

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Limit Login Attempts
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic