WordPress.org

Support

Support » Requests and Feedback » Security issue: password guessing

Security issue: password guessing

  • Unless I’m missing it, WordPress needs better protection against password guessing attacks. One IP tried to break into one of my blogs using over 500 passwords in 20 mins. Shouldn’t there be a longer waiting period and/or a limit on attempts?

Viewing 2 replies - 1 through 2 (of 2 total)
  • I was recommended the Login LockDown plugin. Seems like this is functionality that should be part of the core install, no?

    There’s no plan at this time. Brute force password attacks are frustrating, but login lockdown has it’s own issues (like if you typo and lock yourself out, it takes more skill than many new users have to unlock it, or they’d have to wait, and in the meantime, they’d come here and complain). The payoff is less than you’d think, and even with a lockout, it’s blocking by IP, which can be easily changed.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Security issue: password guessing’ is closed to new replies.