[Plugin: Limit Login Attempts] Several Notifications For IP Block…

  • Thank you again for making this really useful plugin. The plugin has recorded and blocked a lots of ip addresses. What should I do now or what can I do to make the attackers away from my site? Is there any law or something like that? thanks.

Viewing 1 replies (of 1 total)
  • Plugin Contributor johanee

    (@johanee)

    I cannot comment on your legal situation.

    If you are under active attack I would recommend:
    1. Make sure you use strong passwords (12+ truly random characters). Personally I use a password manager and 15-20 character passwords because, why not?
    2. Most bot-style attacks go for the “admin” user. You might want to avoid this username if possible.
    3. Perhaps strengthen the plugin options somewhat: 2-3 allowed attempts, 24h for retries to reset.

    If you have a strong password it is almost impossible to brute force it when login attempts are limited. We’re talking age of the universe timespans here.

    If they truly hammer your site it is still annoying of course, and possibly a performance/DDOS issue if they go all out. In that case you might want to look into blocking the IP in htaccess.

Viewing 1 replies (of 1 total)
  • The topic ‘[Plugin: Limit Login Attempts] Several Notifications For IP Block…’ is closed to new replies.