[wp-hackers] Admin Login Brute Force Attacks
Marko Heijnen
mailing at markoheijnen.nl
Wed Mar 20 22:25:54 UTC 2013
I agree with Ian on this. A better password does really help. Also never had a client who was hacked due to a brute force attack.
However I had clients who were hacked because their computer was compromised.
On 20 Mar 2013, at 23:21, Ian Dunn <ian at iandunn.name> wrote:
> Do you mean they'll have no effect on preventing the login attempts, in the way that IP banning does? I'd agree with that, but I don't think that's the only way to have an effect.
>
> The reason I thought it was relevant was because a simple password like "ilovefluffy" would take a script a few hours/days to crack, while a WP-generated password like "'}?(x${G9oYRM.7" would take years/decades (via HTTP, but obviously much less if they had the db hash).
>
> I do think you make a good point about frustrating users, though, which can often have the unintended consequence of encouraging them to adopt insecure practices to make things more convenient for themselves (e.g., writing the new password on a sticky note because it's too complex to memorize). For computer-literate users, I think encouraging them to use a password manager might be a good idea, but that would be too complicated for some beginners.
>
>
> On 03/20/2013 02:44 PM, Chris Williams wrote:
>> Stricter password rules have virtually no effect on brute force attacks,
>> they simply infuriate legitimate users.
>>
>> On 3/20/13 1:29 PM, "Ian Dunn" <ian at iandunn.name> wrote:
>>
>>> #21737 will tighten password rules.