[wp-hackers] Admin Login Brute Force Attacks

Chris Williams chris at clwill.com
Wed Mar 20 21:44:07 UTC 2013


Stricter password rules have virtually no effect on brute force attacks;
they simply infuriate legitimate users.

The two proposals I made will dramatically reduce the effectiveness of
brute force attacks, and will increase the speed of their detection if
successful.  They will benefit every WP site, require no changes from
users, and benefit even those sites that still have an "admin" account or
those with sub-standard passwords.

If, as I have seen and has been noted by others, brute force attacks are
becoming a larger portion of WP threats, these two proposals are small,
relatively simple ways to defend every WP site against them.

On 3/20/13 1:29 PM, "Ian Dunn" <ian at iandunn.name> wrote:

>#21737 will tighten password rules.


