[wp-hackers] Securing Wordpress Login

Sean Hickey seanhickey at gmail.com
Mon Aug 21 23:00:21 GMT 2006


I have a hard time imagining WP ever putting a CAPTCHA check on the
login page, since that is an accessibility problem.

Changing the person's password after X number of tries might not work
if the password is changed to something that is coming up on the
cracker's list of passwords.  Plus, like someone else said, people would
certainly take advantage of that just to be a nuisance.

I think the only real option is to disable the account for X number of
minutes after Y number of failed login attempts.  X can keep getting
longer the more times the password is tried and fails.

Even that is not foolproof, but it throws a wrench in any cracker's
software.  Come to think of it, I can't imagine WP doing any of these
things.  Something like that should probably be a plugin.

- Sean
-- 
http://www.headzoo.com
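
The lockout scheme described in the message above (disable the account for X minutes after Y failed logins, with X growing on each further failure), as an added example that is not part of the original post and is not WordPress code. The class name, parameters, the doubling schedule, the cap and the in-memory store are all assumptions made for illustration.

```python
import time

class FakeClock:
    """Constructed test clock so the schedule can be exercised without waiting."""
    def __init__(self):
        self.now = 0.0
    def __call__(self):
        return self.now

class LoginThrottle:
    """Hypothetical per-account lockout: Y failures, then X minutes, X doubling up to a cap."""
    def __init__(self, max_failures=5, base_lock_min=1, max_lock_min=60, clock=time.time):
        self.max_failures = max_failures     # Y in the post
        self.base_lock = base_lock_min * 60  # first X, in seconds
        self.max_lock = max_lock_min * 60    # cap, so the lock cannot grow without bound
        self.clock = clock
        self._state = {}                     # user -> (failures, locked_until); in-memory only

    def seconds_locked(self, user):
        _, until = self._state.get(user, (0, 0.0))
        return max(0.0, until - self.clock())

    def attempt(self, user, password_ok):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        # While locked, reject without looking at the password and without
        # counting the attempt, so hammering a locked account cannot extend the lock.
        if self.seconds_locked(user) > 0:
            return "locked"
        if password_ok:
            self._state.pop(user, None)      # a successful login resets the counter
            return "ok"
        failures = self._state.get(user, (0, 0.0))[0] + 1
        until = 0.0
        if failures >= self.max_failures:
            # Each failure past the threshold doubles the lock: X, 2X, 4X, ... up to the cap.
            lock = min(self.base_lock * 2 ** (failures - self.max_failures), self.max_lock)
            until = self.clock() + lock
        self._state[user] = (failures, until)
        return "failed"
```

A correct password is also rejected while the lock is active, which is the nuisance lockout the message mentions; the cap only bounds how long that can last.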

