Login Security Solution
[resolved] [Suggestion] add optional SYSLOG of failed logins (4 posts)

  1. mdSeuss
    Posted 3 years ago #

    I really like your plugin and I especially like the table you create and track the attempts.

    I also really like the knobs you've built into the plugin to set the various 'alert' levels including time based interval tuning.

    This is a suggestion for perhaps added function to this plugin (and feel free to point me elsewhere if WordPress already does this).

    A popular security tool for folks who run their own servers is http://www.fail2ban.org/wiki/index.php/Main_Page Fail2Ban. This tool basically works by watching log files for events and then inserting the offending IP address directly into a firewall block list.

    I am pretty sure all you need to do to your plugin is add some basic SYSLOG reporting allowing folks to a) turn it on b)set the SYSLOG parameters and c) be sure to include the IP address etc. If I were to use it, I'd want the SYSLOG message generated with the same controls that your email notification currently uses.

    Just some thoughts. I'd be happy to test out any changes you might make. One of my sites is under dictionary attack by an IP address that tries ONE admin password every 10-15 minutes 7x24


  2. invisnet
    Posted 3 years ago #

    Try WP fail2ban. I like my plugins simple and standalone (one task, one plugin) which is why I wrote this one. YMMV.

  3. mdSeuss
    Posted 3 years ago #

    Indeed, WP fail2ban pops the message to syslog nicely.

  4. Daniel Convissor
    Plugin Author

    Posted 3 years ago #

    Nice job invisnet. Though your use of anonymous functions (thus requiring PHP 5.3) seems unnecessary to me.

    Maybe I'll put this in a future release. Maybe not. Either way, WP fail2ban does the job.

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Login Security Solution
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic