WordPress.org

Support

Support » Plugins and Hacks » [Plugin: Login Security Solution] Feature Question

[Plugin: Login Security Solution] Feature Question

  • Daniel, is there a chance that in a future version you might make lock out optional rather than forcing the slow down method?

    There appears to be a lot in this plugin that I would appreciate, but I’m hung up on the lock out issue.

    Whatever may be most common, my most recent experience is that attacks are being coded to pause on a target and then resume. Using Limit Login Attempts, I’ve increased the lockout time progressively to 3 months because of the persistence of the bots. So if they are never locked out, they may just keep doggedly hitting the site until who knows if they get lucky?

    A side question while I’m abusing your expertise: do you believe captcha at login is an effective addition against brute force and does your plugin detect a failed login attempt due to a failed captcha as a “fail” that needs to be dealt with either with the slowdown or some day with an optional lockout?

    Thank you for contributing your skills to the WP community and your obvious commitment to making this plugin a valuable security tool.

    http://wordpress.org/extend/plugins/login-security-solution/

Viewing 1 replies (of 1 total)
  • Plugin Author Daniel Convissor
    Member

    @convissor

    I don’t want to use lockouts. The FAQ explains why.

    While CAPTCHAs can help with some attackers, automated procedures exist for outsourcing people to fill them in if the attacker so desires. My plugin only handles login errors for invalid user names or password, since that’s what the core of WP provides information about. It’d be impractical to support other plugins in this process, sorry.

Viewing 1 replies (of 1 total)
  • The topic ‘[Plugin: Login Security Solution] Feature Question’ is closed to new replies.