I have several people everyday which trying to login as admin.
If there was a feature which automatically ban IP when someone attempt to login with a specific username i.e. “admin” would be very useful!
Plugin Contributor
johanee
(@johanee)
Ovidiu,
I’ll add an action “limit_login_lockout” to the lockout path. Look for it in version 1.7.1. I would be very careful, though, with automatic firewall rules.
Stergos,
If you have this plugin + a somewhat decent password they will never break in. It can still be very annoying though, which is reason enough to ban the IP I guess.
Thread Starter
Ovidiu
(@ovidiu)
thanks johanee.
I know automatic blacklisting is dangerous but if you carefully chose the limits and the blacklist duration they work great.
Plugin Contributor
johanee
(@johanee)
My working version (not availible in SVN yet) makes it an action with IP as argument.
Would you need anything else for your use case? Lockout duration?
Thread Starter
Ovidiu
(@ovidiu)
I’m not a programmer, so I am not 100% sure what your solution looks like.
Ideally, I would like to have the option of setting the “ban-time-duration” and the command I’d like executed, but on the other hand I just realized, that might not work if the site is on a server where everything is properly secured. I mean executing a firewall command that will ad the IP to the iptables firewall will probably not be feasible.
What are your thoughts on this?
I brought the idea up as I thought it would take a lot of load off a server to have “bad guys” blocked straight away by iptables instead of going through apache just to serve a “bugger off” message…
Plugin Contributor
johanee
(@johanee)
This woul require whatever user the webserver runs as to have the permissions to change iptables. Probably not a good idea, really.
It would perhaps be more reasonable to restrict the ip in the .htaccess file. I would prefer not to have to do this myself for now, but with a normal WP action it would be possible for someone else to creatw this functionality.
Thread Starter
Ovidiu
(@ovidiu)
jepp, I got that idea when you said you’d made it into an action, so you can call it anytime wanted from a plugin or via functions.php
And you are right about the risks, I only saw the repercussions of what I was asking for in my last post 🙂 glad you confirmed my suspicions and under these circumstances offering it as an action is cool, its now up to the end user what he does with it, especially since using it requires some advanced knowledge so that makes sure nobody does any nonsense with it by chance.
