[wp-hackers] Admin Login Brute Force Attacks
Ian Dunn
ian at iandunn.name
Wed Mar 20 20:29:25 UTC 2013
#21737 will tighten password rules.
IMHO, Login Security Solution is a much more sophisticated plugin to
block brute force attempts than Limit Login Attempts, Login Lock, Login
Lockdown, etc. It also can enforce password requirements.
http://wordpress.org/extend/plugins/login-security-solution/
On 03/20/2013 12:33 PM, Marko Heijnen wrote:
> Hey,
>
> I wouldn't recommend this plugin. You only need it when you don't trust the plugins you are using. For me it would give me fake trust that everything is more safe.
> The reasons is that most things aren't needed or fixed in the wrong place. Executable file uploads can't be done or can be fixed by using filters.
> Also PHP files in the upload folder shouldn't be executable at all. You can solve that with .htaccess or nginx rules.
>
> You are already doing one thing good and that is limiting the amount of failed logins. You still can force better passwords.
> That is also something WordPress by default should do. In my case I'm running a network site and will implement an IP check for all super admin accounts.
> But yeah something like that would be for plugins to take care off.
>
> Marko
>
> Op 20 mrt. 2013, om 20:09 heeft Joan Artés <jartes at gmail.com> het volgende geschreven:
>
>
More information about the wp-hackers
mailing list