[wp-hackers] Limit Login Attempts

Chris Williams chris at clwill.com
Wed Apr 17 15:06:07 UTC 2013


What I am suggesting is a plugin, perhaps a part of JetPack, perhaps not.
And as such, it is not a part of the core WP project.

However, it requires an entity with the horsepower to be able to respond
to requests from millions of WP sites.  As such, it is beyond the scope of
essentially all WP plugin developers.  Except Automattic.  Perhaps others
exist, but I'm unaware of them.

Because unauthorized access to secure logins threatens the very health of
the entire WP ecosystem (just as spam did years ago), it is clearly in the
best interest of a company making their living on WP to address.

And note that this "separate but not" relationship of Automattic/WordPress
is still imperfect.  Akismet is included in every WP download, no?

So, in general, is this proposal presumptuous?  I guess so.

On 4/17/13 7:47 AM, "Chip Bennett" <chip at chipbennett.net> wrote:

>IMHO it would be best, at this stage of such discussions, to dissociate
>the proposed solution from any given entity who might implement it.
>Automattic is a commercial endeavor independent from the WordPress
>project, and may or may not want to take on the effort/burden of
>implementing a SaaS solution to the brute-force attack problem. It is
>somewhat presumptuous to discuss a solution provided by Automattic
>unless/until Automattic themselves indicate a desire to develop such a
>service.
>
>Also: Automattic has commercialized Akismet. While that's certainly within
>their prerogative, it likely does not bode well for a critical security
>solution. While several other anti-spam tools exist for WordPress users,
>it is unlikely that the same will hold true for a solution such as the one
>being discussed here.


