Security issue: password guessing (3 posts)

  1. Stephen Coles
    Posted 4 years ago

    Unless I'm missing it, WordPress needs better protection against password guessing attacks. One IP tried to break into one of my blogs using over 500 passwords in 20 mins. Shouldn't there be a longer waiting period and/or a limit on attempts?

  2. Stephen Coles
    Posted 4 years ago

    I was recommended the Login LockDown plugin. Seems like this is functionality that should be part of the core install, no?

  3. There's no plan at this time. Brute force password attacks are frustrating, but login lockdown has its own issues (like if you typo and lock yourself out, it takes more skill than many new users have to unlock it, or they'd have to wait, and in the meantime, they'd come here and complain). The payoff is less than you'd think, and even with a lockout, it's blocking by IP, which can be easily changed.
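
An added example, not part of the original thread and not WordPress or Login LockDown code: a capped progressive delay keyed on both the source IP and the target account, so that a few typos cost nothing and changing IP does not reset the counter. The class, its parameters and the documentation-range addresses are constructed for illustration.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Capped progressive delay per source IP and per target account."""

    def __init__(self, window=1200, free_attempts=3, base_delay=2, max_delay=300):
        self.window = window                # seconds of failure history (20 min)
        self.free_attempts = free_attempts  # failures with no penalty (typos)
        self.base_delay = base_delay        # first delay in seconds, then doubles
        self.max_delay = max_delay          # cap: a slowdown, never a lockout
        self.failures = defaultdict(deque)  # key -> failure timestamps
        self.blocked_until = defaultdict(float)

    @staticmethod
    def _keys(ip, user):
        return ("ip", ip), ("user", user.lower())

    def retry_after(self, ip, user, now):
        """Seconds to wait before the next attempt is evaluated (0 = allowed)."""
        latest = max(self.blocked_until[k] for k in self._keys(ip, user))
        return max(0, latest - now)

    def record_failure(self, ip, user, now):
        for key in self._keys(ip, user):
            q = self.failures[key]
            q.append(now)
            while q[0] <= now - self.window:   # drop failures older than the window
                q.popleft()
            over = len(q) - self.free_attempts
            if over > 0:
                delay = min(self.max_delay, self.base_delay * 2 ** (over - 1))
                self.blocked_until[key] = now + delay

    def record_success(self, user):
        # Reset only the account key, so a guesser's own valid login
        # elsewhere cannot clear the history held against their IP.
        key = ("user", user.lower())
        self.failures.pop(key, None)
        self.blocked_until.pop(key, None)

def guesses_allowed(throttle, user, ip_for_attempt, duration=1200):
    """Constructed scenario: a client retries once per second for `duration` s."""
    allowed = 0
    for now in range(duration):
        ip = ip_for_attempt(allowed)
        if throttle.retry_after(ip, user, now) == 0:
            throttle.record_failure(ip, user, now)
            allowed += 1
    return allowed
```

With these defaults, the once-per-second client in the simulation gets 14 guesses in 20 minutes, whether it keeps one IP or changes IP on every attempt.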

Topic Closed

This topic has been closed to new replies.