After one of the recent updates for Login Security, someone pointed out that our RSS feed was throwing an error. We were getting a parsing error that there was a problem with character 1, line 2. When we viewed the source, it showed that there was a extra line being put in at the top of the document. After spending hours looking around at all our files, it turned out to be a extra line break at the BOTTOM of the login-security-solution.php file. Once this extra line break was taken out, the RSS feed was working again. I thought I would post about this solution in case anyone else had a problem.
]]>The reason i installed this plugin over login lockdown was the fact it also tracks/blocks xmlrpc login attempts. I was certainly displeased with the fact that it would make logins take longer and longer on accounts with failed attempts despite the footprint of the user making the request.
I assumed that it would only take longer for users making the same failed requests from like the same IP/UA combo but while my account was under attack i was forced to wait for the delayed login and had to reset my password before it let me in. I suggest adding the login delay only for the same footprint as previously failed requests and/or possibly adding exempt from delay IPs. I also would like it if i can say to outright deny IPs if they have X amount of failed attempts rather then let them try all day over and over even if they would never get in due to the password change policy.
Thanks
]]>Hi,
Since the latest craze seems to be attempting to brute-force via xml-rpc requests, my question is: does this plug monitor these requests too? And if not, is this planned for a future release?
]]>Hi
If I have a long list of login attempts, how can I reset or clear the logs in my admin panel?
thanks