Hi @deepakdcc
I hope you’re well today!
User database as well as WP core/plugin/theme files are common across all the subsites. It’s the same install, same database (with some tables being shared across all blogs, some being specific to them but still within the same database). This is important in terms of security and the goal of firewall is to prevent/stop “unauthorized”/unwanted/possibly malicious login attempts and request.
If they were blocked only for a single site of a multisite and still allowed for other – that wouldn’t be much different than not blocking them at all, in terms of security. Note please that I’m referring here to site security and not access control/management which is entirely different subject.
Defender isn’t an “access management tool” and shouldn’t be used to control access to sub-sites this way. It should be used for security-related lockouts and if such a lockout is expected to be efficient it should be sitewide.
If you need to block access to certain sites for some users while allowing them to access other sites, then any of popular access management/membership-type plugins would be a good shot and should help you achieve that while Defender would keep “firewalling” on network level.
Kind regards,
Adam
Thread Starter
Deepak
(@deepakdcc)
you are completely right , ill use temporary blocking feature on entire network level , may be that would help ,
but also it would be great feature to give option for subsite admin to set login lockout numbers for her woo based site , so they can set their own if they wanna overnight , for example , my main site ,I keep 5 failed login attempt to lockout to 15mins, but if subsite users want ll let them set different numbers like 10 failed login to lockout for 5 mins or something they prefer ,
this is a good feature request , permanant lockout after certain number of temporary lockout . for example , if a user gets lockout temporarily , and again he does he same thing for 10 more times, I mean 10 times temporarily lockout , then hey ll be permmantly banned, this method ll let us find potential brute force attack and lockout them or because sometime real users might forget password so I dont want to permanently ban them , so real users will not try 10 plus lockouts without Asking us to try next attempt, they ll reset the password and try , so they will nt last for 10 plus temporary lockout ,so we can filter out real brute force and ban permananty
thank you
-
This reply was modified 2 years ago by Deepak.
Hi @deepakdcc
Thank you for the description.
We sent it as a feature request to our developers, we can’t give an estimated time or guarantee that this is going to be implemented but I see some good reason for having some subsite control.
To subscribe and follow our roadmap: https://wpmudev.com/roadmap/#defender
Best Regards
Patrick Freitas
Hello @deepakdcc ,
We haven’t heard from you for a while now, so it looks like you don’t need our assistance anymore.
Feel free to re-open this ticket if needed.
Kind regards
Kasia