[wp-hackers] Limit Login Attempts

Michael Donaghy mike at donaghy.biz
Tue Apr 16 16:02:38 UTC 2013


That's what cloudflare does. I'd suggest using cloudflare to most wordpress
installs out there.

For other reasons, cloudflare isn't a viable solution for my environment.

On Tue, Apr 16, 2013 at 11:59 AM, David Anderson <david at wordshell.net>wrote:

> With the present attacks, per-IP blocks are not necessarily effective,
> because the attackers have vast numbers of IPs.
>
> The attack is distributed. So why shouldn't we build a distributed defence?
>
> Produce a plugin that, before allowing login, verifies the connecting IP
> against a source in the cloud. All that's needed is someone to provide that
> source in the cloud. "Dear cloud - what do you think of that IP" "Well,
> that IP has had A failed logins on B different WordPress sites in C
> different countries in the last D minutes" (tweak accordingly to have a
> sensible algorithm, etc.).
>
> That's a gap in the market for someone to earn some community credit, or
> money, from.
>
> David
>
>  --
>> WordShell - WordPress fast from the CLI - www.wordshell.net
>>
> ______________________________**_________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.**com <wp-hackers at lists.automattic.com>
> http://lists.automattic.com/**mailman/listinfo/wp-hackers<http://lists.automattic.com/mailman/listinfo/wp-hackers>
>


More information about the wp-hackers mailing list