[wp-hackers] Securing Wordpress Login

Brian Layman Brian at TheCodeCave.com
Tue Aug 22 18:30:17 GMT 2006


>Just block the offending IP and be on with life. Not sure how 
>you handle a very advanced cracker, i.e., one that uses multiple IPs.

Blocking IPs simply doesn't work for the real buggers out there. I know from
doing admin stuff, from FileFront's GamingForums, that too often you have
both good and bad users on an ISP with shared IP pools.  You can't ban just
one IP when dealing with dynamic IP addresses, because the user will just
reboot their router and have a new IP address and a good user might get that
"bad" IP address the next day.  And you equally can't ban the range
because you have good users in that range.  You might be willing to block
out a large chunk of a city for a smaller blog (I think I am still blocking
all Tampa Bay TimeWarner Cable customers on one site), but not for a larger
one.  

Besides, there are too many anonymous proxy engines out there.  And THEN you
get into the topic of using DNSBLs to block logins from anonymized IP
addresses.  That's a tough row to hoe.  DNSBL blocked comments eventually
grew into Akismet!
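
The trade-off described in this message, replayed over a constructed login log; this is an added example and not part of the original post. The addresses (documentation ranges standing in for an ISP's dynamic pool), user names, three-failure threshold and the `replay` helper are assumptions for illustration.

```python
import ipaddress

# Constructed login log: (day, source_ip, user, credentials_valid). Not real data.
# 203.0.113.0/24 stands in for one ISP's dynamic address pool.
LOG = [
    (1, "203.0.113.10", "admin", False),  # attacker guessing
    (1, "203.0.113.10", "admin", False),
    (1, "203.0.113.10", "admin", False),  # third failure -> ban triggers
    (1, "203.0.113.77", "admin", False),  # same attacker after a router reboot
    (1, "203.0.113.77", "admin", False),
    (1, "203.0.113.42", "carol", True),   # legitimate user on the same ISP
    (2, "203.0.113.10", "alice", True),   # legitimate user who got the recycled lease
    (2, "198.51.100.5", "dave", True),    # legitimate user on another ISP
]

def replay(log, prefix_len, threshold=3):
    """Replay the log with a ban applied after `threshold` failures from one IP.

    prefix_len=32 bans only that address; prefix_len=24 bans its whole /24.
    Returns (failed guesses that still reached the login check after the
    first ban, legitimate logins that the ban turned away).
    """
    failures, banned = {}, []
    guesses_after_ban = blocked_good = 0
    for _day, ip, _user, ok in log:
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in banned):
            if ok:
                blocked_good += 1      # valid credentials, but the source is banned
            continue
        if ok:
            continue                   # normal successful login
        if banned:
            guesses_after_ban += 1     # a ban exists, yet guessing continues
        failures[ip] = failures.get(ip, 0) + 1
        if failures[ip] >= threshold:
            banned.append(ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False))
    return guesses_after_ban, blocked_good

if __name__ == "__main__":
    print("single-IP ban:", replay(LOG, 32))
    print("/24 range ban:", replay(LOG, 24))
```

On this sample the single-address ban lets the guessing continue from the new lease and still locks out the user who inherits the old one, while the range ban stops the guessing only by locking out two legitimate users.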





