[wp-hackers] Counting failed logins
Roy Schestowitz
r at schestowitz.com
Mon Dec 5 12:53:45 GMT 2005
_____/ On Mon 05 Dec 2005 12:08:52 GMT, [Podz] wrote : \_____
> I'm making an assumption that in order to get access to a blog it has to
> be through wp-login.php and not some passing of a string, but is there a
> way for failed logins to be counted?
> I can run tools like wwhack against my login page all day and I will get
> no warning that someone is trying to get access. Can this be set to a
> certain number and then something happens - at the very least the blog
> owner getting an email or two ?
>
> P.
This is similar to what Mambo sought at some stage:
http://forum.mamboserver.com/showthread.php?t=14740
Notice the other interesting suggestions in this post. In principle, it
should not be difficult to implement what you suggest. I am not a PHP
programmer so I would probably just scan the log file, trimming and counting
all requests for wp-login.php and then looking for unfamiliar IP addresses.
In PHP, you could probably just retain a file where logins get appended
(similar to "last login" in cPanel) and, every once in a while, such file
will be investigated and a warning message sent if it grows too quickly. I
am aware that this wouldn't reflect on the number of failed attempts
precisely, as they would be mixed with successful ones. If you talk about
brute-force tools, however, this will give you rough insight into illicit
activities that revolve near your site.
SSH'ing for root access, even on Windows and Mac workstations, is something
that can get hundreds of attempts per day, but firewalls are often there to
intercept it. Maybe restrict wp-login.php to only a few trusted IP
addresses, or a certain IP C block? Making it an advanced option perhaps?
Roy
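The log-scanning approach sketched above, worked through as an added example (not code from the original thread or from WordPress): it counts POSTs to wp-login.php per client IP from Apache combined-format log lines, flags IPs over a threshold, and skips addresses inside a trusted list or "C block" (expressed here as /24 networks). To separate failed from successful attempts, which the post notes a plain request count cannot do, it relies on an assumption about WordPress behaviour, namely that a failed login re-renders the form with HTTP 200 while a successful login answers with a 302 redirect. The log lines, IP ranges and threshold are constructed for the example.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed Apache combined-log sample (not from the original post):
# one brute-forcer, one legitimate user who logs in, one lone failure.
SAMPLE_LOG = """\
203.0.113.7 - - [05/Dec/2005:12:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1523 "-" "wwhack"
203.0.113.7 - - [05/Dec/2005:12:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 1523 "-" "wwhack"
203.0.113.7 - - [05/Dec/2005:12:01:04 +0000] "POST /wp-login.php HTTP/1.1" 200 1523 "-" "wwhack"
192.0.2.10 - - [05/Dec/2005:12:05:00 +0000] "GET /wp-login.php HTTP/1.1" 200 1400 "-" "Mozilla"
192.0.2.10 - - [05/Dec/2005:12:05:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla"
192.0.2.10 - - [05/Dec/2005:12:05:11 +0000] "GET /wp-admin/ HTTP/1.1" 200 9000 "-" "Mozilla"
198.51.100.4 - - [05/Dec/2005:12:06:00 +0000] "POST /wp-login.php HTTP/1.1" 200 1523 "-" "curl"
"""

# client_ip ident user [time] "METHOD path proto" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')


def parse_login_posts(log_text):
    """Yield (client_ip, status) for every POST to /wp-login.php."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined-log format
        ip, method, path, status = m.groups()
        if method == "POST" and path.split("?", 1)[0] == "/wp-login.php":
            yield ip, int(status)


def count_failed_logins(log_text):
    """Count probable failed logins per client IP.

    Assumption (heuristic, not confirmed by the post): WordPress answers a
    failed login by re-rendering the form with status 200 and a successful
    one with a 302 redirect, so only 200 responses are counted as failures.
    """
    failed = Counter()
    for ip, status in parse_login_posts(log_text):
        if status == 200:
            failed[ip] += 1
    return failed


def suspicious_ips(log_text, threshold, trusted_nets):
    """Return [(ip, failures)] for IPs at or above threshold that are not
    inside any trusted network (e.g. a /24 standing in for a "C block")."""
    trusted = [ip_network(n) for n in trusted_nets]
    flagged = []
    for ip, n in count_failed_logins(log_text).most_common():
        if n < threshold:
            continue
        try:
            addr = ip_address(ip)
        except ValueError:
            addr = None  # hostname in the log: treat as untrusted
        if addr is not None and any(addr in net for net in trusted):
            continue
        flagged.append((ip, n))
    return flagged


if __name__ == "__main__":
    # Threshold and trusted range are constructed for the example.
    for ip, n in suspicious_ips(SAMPLE_LOG, threshold=3, trusted_nets=["192.0.2.0/24"]):
        print(f"warn: {n} failed wp-login.php attempts from {ip}")
```

Run periodically over the access log (or piped from `tail -f`) and replace the print with an e-mail to the blog owner to get the warning the original question asks for. The 200/302 split is only a heuristic: a theme or plugin that changes the login flow, or a request that never reaches WordPress, will shift the counts, so treat the numbers as the rough insight the post describes rather than an exact failure count.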