[wp-hackers] Counting failed logins

Owen Winkler ringmaster at midnightcircus.com
Mon Dec 5 15:25:39 GMT 2005


Podz wrote:
> I'm making an assumption that in order to get access to a blog it has to
> be through wp-login.php and not some passing of a string, but is there a
> way for failed logins to be counted ?
> I can run tools like wwhack against my login page all day and I will get
> no warning that someone is trying to get access. Can this be set to a
> certain number and then something happens - at the very least the blog
> owner getting an email or two ?

I have written an unreleased plugin for this.  I was planning on adding 
a few other security devices before I put it out there.  I was talking 
to Skippy about adding some Impostercide features, and was thinking 
about incorporating some checks of the user table to watch for 
unauthorized capabilities promotion, among other things.

Other thoughts?

Owen


-------------- next part --------------
A non-text attachment was scrubbed...
Name: armor.php
Type: application/x-php
Size: 2416 bytes
Desc: not available
Url : http://comox.textdrive.com/pipermail/wp-hackers/attachments/20051205/f0702faa/armor.bin


More information about the wp-hackers mailing list