Support » Plugin: Login Security Solution » Feature Request: configurable email subject line

  • Feature Request: configurable email subject line

    I know that “ATTACK HAPPENING TO” is intended to shout an obvious warning message to the email recipient. But there are situations where some other, milder subject line might be more appropriate.

    Since there is very little that you can do while an attack is underway anyway, the ALL CAPS SUBJECT LINE seems unnecessarily alarmist for some recipients.

    In my experience with this plugin, it has proven to be a sad eye-opener that hacking attempts happen regularly on many (most?) websites. Combined with the fact that the email is just a notification that the plugin is doing its intended job correctly, and that you are in no imminent danger, a less alarming subject line could be appropriate.

    In some ways, the subject line is not accurate or reflective of the situation, or suggests something worse than is happening. It is really an attack attempt that is occurring. An “attack attempt is being repelled”.

    New site owners freak out the first several times they see the message. I always need to prepare the site owners ahead of time that they will be receiving those messages, and that they really don’t need to worry about them. And then I need to reassure them several times: after they receive the first one, and after they receive several more. And then again some months later when they have grown tired of seeing these. “No, you really don’t need to worry about those messages. No, there is really nothing that needs to be done. Yes, the plugin is working and there is nothing to worry about.”

    I recommend that a configurable subject line, or option to choose between subject lines, (even if you keep the current one as the ‘default’ option) would be a big improvement.

    It would also help if there were an option to NOT send the email message to the site’s default email address, but rather only to the additional address(es) that you can enter.

    Thanks. Great plugin!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter hommealone

    (@hommealone)

    Follow up question: Since the “ATTACK HAPPENING TO…” messages are really only informational, really only mean “An attack is being repelled…”, and there is really nothing that you can do when you receive them anyway, are there any settings that I can adjust which will cut down on the frequency with which they are sent? For example, if I adjust the “Failure Notification” setting to a higher number than 50, will I receive less messages? If so, what are some higher numbers that I could try? What are settings that are TOO high?

    Is it possible to increase the amount of delay time once they hit tier 3? Wouldn’t that tend to discourage more attacks before they reach the “Failure Notification” trip-point?

    Thread Starter hommealone

    (@hommealone)

    Re: Settings
    With no reply yet, I experimented with a Failure Notification setting of 100. I received an email containing:

    There have been at least 100 failed attempts to log in during the past 120 minutes that used one or more of the following components…

    At least 100 failed attempts in 120 minutes still seems like a lot (although obviously less than one attempt every few seconds, which I imagine bots can do.) could they be slowed down even more at some point?

    Re: Subject line
    As an experiment, I hacked the plugin to change the subject line to:

    An attack is being repelled on [name of website]

    In the email mailbox, this is much less alrming and, I think, also more accurate.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Feature Request: configurable email subject line’ is closed to new replies.