WordPress.org

Forums

Limit Login Attempts
[resolved] Can a hacker fake the IP address and get past this blocker? (3 posts)

  1. MNL345
    Member
    Posted 4 years ago #

    I've heard that hackers can falsify their IP address or even leave it blank so the server cannot read anything. Would this plugin be able to detect a number of invalid attempts on a single login name if they came from multiple, sufficiently diverse IP addresses? If not, could you please include in the next version this additional ability?

  2. johanee
    Member
    Plugin Author

    Posted 4 years ago #

    No, they cannot use a false IP address to make login attempts.

    As for an attempt using a large number of IP addresses (many computers): it doesn't really help the attacker much as long as you have a good password (12+ truly random characters). We're talking age of the universe time-frames here.

  3. Vezado
    Member
    Posted 3 years ago #

    They could use a proxy, tor or other anonymizing service to access the site from different addresses, but as johanee stated the most important thing is having a good password that makes brute forcing a password essentially impossible.

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Limit Login Attempts
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic