Support » Plugin: Limit Login Attempts » Feature Request: Block username repeats

  • I am having fun today, one of my sites is being brute force attempted 100s of times with different IPs I don’t know whether they are real IPs of some kind of cloaking.

    But anyway, strikes me that if someone’s tried ‘admin’ after one lockout or “dave’ after 4 attempts that that username should be blocked for time A and then time B too no matter what IP. I have 4 login attempts so if I have password problems twice I make damn sure I know what it really is before trying again and a sensible adjunct to this plugin is an unusual username.

    Wonderful plugin though, lifesaver.

    A point worth noting is that some brute force attempts scan for authors so it’s always wise to have your admin user not a post author.

Viewing 1 replies (of 1 total)
  • Try WordFence. It does that along with many other useful options. You can uncheck the option to send an email for both successful and unsuccesful logins if it gets too tiresome.

    I had a ton of attempts over the past 24 hours, but none broke through. It helps to have a long (at least 12 characters) meaningless password made from letters, numbers and symbols.

Viewing 1 replies (of 1 total)
  • The topic ‘Feature Request: Block username repeats’ is closed to new replies.