Preventing Malicious Lockouts from Username Enumeration

  • Resolved yourbudweiser

    (@yourbudweiser)


    2 months, 3 weeks ago

    I’m using Limit Login Attempts Reloaded and running into an issue where attackers are able to discover valid usernames and repeatedly lock out legitimate users. This is becoming difficult to manage since we have to constantly monitor and manually unlock accounts. IP whitelisting isn’t practical for our clients since most don’t know or have static IPs, so what do you recommend as best practices or configuration changes to prevent abuse like this while keeping the plugin effective?

Viewing 1 replies (of 1 total)
  • Plugin Support brucewayne25

    (@brucewayne25)

    2 months, 3 weeks ago

    The plugin limits attempts by IP, not by username. This means your users get blocked due to some other reason. It is possible that your server detects IPs incorrectly. Can you share the info from your Debug tab? The part that is related to IPs?

Viewing 1 replies (of 1 total)

You must be logged in to reply to this topic.