My site just underwent a brute force attack and I discovered a problem with your plugin.
Because it was a brute force attack, when I tried to login (different IP address than the attack), Login Security Solutions wanted to reset my password. This is fine in theory, but then LSS thought my site had been hacked because of the attack, so it tried to have me reset my password again…
Now, I disabled the plugin and was able to login, enabling Login Lockdown to prevent such thing in the future, but If the attack never stops, how can one login and fix things if your plugin stops you from rightfully logging in? Maybe you should track the last successful IP addresses, of if they change IP addresses and login correctly then allow it, of lockout an attacking IP address like login lockdown.
- The topic ‘[Plugin: Login Security Solution] Locked out if Attacked’ is closed to new replies.