[wp-hackers] Securing Wordpress Login

[Sean Hickey]

I have a hard time imagining WP ever putting a CAPTCHA check on the
login page, since that is an accessibility problem.

Changing the person's password after X number of tries might not work
if the password is changed to something that is coming up on the
crackers list of passwords.  Plus like someone else said, people would
certainly take advantage of that just to be a nuisance.

I think the only real option is to disable the account for X number of
minutes after Y number of failed login attempts.  X can keep getting
longer the more times the password is tried and fails.

Even that is not foolproof, but it throws a wrench in any crackers
software.  Come to think of it, I can't imagine WP doing any of these
things.  Something like that should probably be a plugin.

- Sean
-- 
http://www.headzoo.com