[wp-hackers] Limit Login Attempts
David Anderson
david at wordshell.net
Tue Apr 16 15:59:32 UTC 2013
With the present attacks, per-IP blocks are not necessarily effective,
because the attackers have vast numbers of IPs.
The attack is distributed. So why shouldn't we build a distributed defence?
Produce a plugin that, before allowing login, verifies the connecting IP
against a source in the cloud. All that's needed is someone to provide
that source in the cloud. "Dear cloud - what do you think of that IP"
"Well, that IP has had A failed logins on B different WordPress sites in
C different countries in the last D minutes" (tweak accordingly to have
a sensible algorithm, etc.).
That's a gap in the market for someone to earn some community credit, or
money, from.
David
> --
> WordShell - WordPress fast from the CLI - www.wordshell.net
More information about the wp-hackers
mailing list