lockout based on each site in multisite

Resolved Deepak
(@deepakdcc)

2 years, 1 month ago

hi , it would be great if lockout or banning happens on per site basis in ,multisite
in my case I sell websites , and I ban some users on my main site , but they arent able to see clients subsite also , because I keep strict policy for main site , but my clients doesnt want that type od configs , they want to allow multiple failed login attempts , but in main site , I set limit to failed attempts

please as an option to setup firewall based on separate site

Viewing 4 replies - 1 through 4 (of 4 total)

Plugin Support Adam – WPMU DEV Support
(@wpmudev-support8)

2 years ago

Hi @deepakdcc

I hope you’re well today!

User database as well as WP core/plugin/theme files are common across all the subsites. It’s the same install, same database (with some tables being shared across all blogs, some being specific to them but still within the same database). This is important in terms of security and the goal of firewall is to prevent/stop “unauthorized”/unwanted/possibly malicious login attempts and request.

If they were blocked only for a single site of a multisite and still allowed for other – that wouldn’t be much different than not blocking them at all, in terms of security. Note please that I’m referring here to site security and not access control/management which is entirely different subject.

Defender isn’t an “access management tool” and shouldn’t be used to control access to sub-sites this way. It should be used for security-related lockouts and if such a lockout is expected to be efficient it should be sitewide.

If you need to block access to certain sites for some users while allowing them to access other sites, then any of popular access management/membership-type plugins would be a good shot and should help you achieve that while Defender would keep “firewalling” on network level.

Kind regards,
Adam
Thread Starter Deepak
(@deepakdcc)

2 years ago
you are completely right , ill use temporary blocking feature on entire network level , may be that would help ,
but also it would be great feature to give option for subsite admin to set login lockout numbers for her woo based site , so they can set their own if they wanna overnight , for example , my main site ,I keep 5 failed login attempt to lockout to 15mins, but if subsite users want ll let them set different numbers like 10 failed login to lockout for 5 mins or something they prefer ,

this is a good feature request , permanant lockout after certain number of temporary lockout . for example , if a user gets lockout temporarily , and again he does he same thing for 10 more times, I mean 10 times temporarily lockout , then hey ll be permmantly banned, this method ll let us find potential brute force attack and lockout them or because sometime real users might forget password so I dont want to permanently ban them , so real users will not try 10 plus lockouts without Asking us to try next attempt, they ll reset the password and try , so they will nt last for 10 plus temporary lockout ,so we can filter out real brute force and ban permananty

thank you
- This reply was modified 2 years ago by Deepak.
Plugin Support Patrick – WPMU DEV Support
(@wpmudevsupport12)

2 years ago

Hi @deepakdcc

Thank you for the description.

We sent it as a feature request to our developers, we can’t give an estimated time or guarantee that this is going to be implemented but I see some good reason for having some subsite control.

To subscribe and follow our roadmap: https://wpmudev.com/roadmap/#defender

Best Regards
Patrick Freitas

Plugin Support Kasia – WPMU DEV Support
(@wpmudev-support2)

2 years ago

Hello @deepakdcc ,

We haven’t heard from you for a while now, so it looks like you don’t need our assistance anymore.

Feel free to re-open this ticket if needed.

Kind regards
Kasia

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘lockout based on each site in multisite’ is closed to new replies.