Support » Plugin: Security-Protection » login attempts through the login page & auth cookies

  • Hi, I was looking at plugins to mitigate against brute force login attacks and see your plugin is up-to-date, great!

    What I wanted to know is whether its protects against the two following items (like the “Limit Login Attempts/” plugin):

    – login attempts through the login page
    – attempts to log in using auth cookies in same way.

    Also, how else does it differ from the “Limit Login Attempts/” plugin?

    Thanks, I look forward to your response.

    Kevin

    https://wordpress.org/plugins/security-protection/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author webvitalii

    (@webvitaly)

    Security-Protection is up-to-date because I use it on all my sites and I like how it works 🙂

    Also, how else does it differ from the “Limit Login Attempts” plugin?

    • Limit-Login-Attempts limits login attempts (as plugin name says 🙂 ) for same IP and then blocks all the next attempts. Security-Protection blocks 100% of brute-force bot attempts and does not block login attempts from real users;
    • Security-Protection is much more lighter, faster, does not bloat database and has absolutely new fresh approach to block brute-force attacks;
    • The main difference of Security-Protection from other plugins is that it sends fake cookies and make fake redirect for brute-force bot that stops some brute-force attacks which are waiting for such response;

    – login attempts through the login page

    Security-Protection does not block login attempts for real users, only brute-force post requests.

    – attempts to log in using auth cookies in same way

    Security-Protection does not block login attempts with auth cookies. I don’t understand it, what exactly Limit-Login-Attempts plugin is blocking here?

    SmokingFetish Society

    (@adminsmokingfetishsocietycom)

    Does it work with multisite and allow new users to register on site? I’ve found that the limit-login-attempts doesn’t work very well for multisites or allowing new users to register.

    Plugin Author webvitalii

    (@webvitaly)

    Security-protection plugin works good with multisite.
    It blocks login brute-force requests on each site of the multisite network and let users to register new site.
    But Security-protection plugin does not blocks brute-force registration on multisite (/wp-signup.php page), it only blocks brute-force registration on stand-alone sites (/wp-login.php?action=register page).

    We’re in the middle of a brute force attack and installed your plugin and turned Send Log to TRUE. I’m not receiving any emails from the plugin and the attack continues…

    We’re running plugins:

    Limit Login Attempts (receiving email from this)
    Clef (turned off login form)
    …and yours.

    Suggestions?

    Ron

    Plugin Author webvitalii

    (@webvitaly)

    @ron: Can you send me the link to your site via feedback form?

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘login attempts through the login page & auth cookies’ is closed to new replies.