[wp-hackers] Limit Login Attempts

David Anderson david at wordshell.net
Tue Apr 16 15:59:32 UTC 2013

With the present attacks, per-IP blocks are not necessarily effective, 
because the attackers have vast numbers of IPs.

The attack is distributed. So why shouldn't we build a distributed defence?

Produce a plugin that, before allowing login, verifies the connecting IP 
against a source in the cloud. All that's needed is someone to provide 
that source in the cloud. "Dear cloud - what do you think of that IP" 
"Well, that IP has had A failed logins on B different WordPress sites in 
C different countries in the last D minutes" (tweak accordingly to have 
a sensible algorithm, etc.).

That's a gap in the market for someone to earn some community credit, or 
money, from.


> -- 
> WordShell - WordPress fast from the CLI - www.wordshell.net

More information about the wp-hackers mailing list