• Resolved Ankit Chauhan

    (@ankitchauhan22)


    Thanks for the plugin!

    If there are 100 users accessing a website from one organization which has one public IP address, and an account lockout, which is IP address based, is made due to a false login attempt by one user, every user account from that organization is blocked. How would the other users access the website?

    And why is the plugin storing every failed login attempt? Don’t you think this is unnecessary? Only a lockout or successful login event could suffice.

    Regards
    Ankit

Viewing 1 replies (of 1 total)
  • Hi Ankit,
    Thank you for your message.

    You raise a good point regarding large numbers of users sharing a single IP address. The benefit of using a ‘Trusted’ devices system such as GuardGiant is that it will not block every user from that IP address – only ‘Unrecognised’ devices are affected. In contrast, a ‘limit logins’ plugin would implement a blanket ban and affect all users attempting to log in from that IP address (this is why the ‘Trusted’ devices approach is used by larger sites). Note that you can disable blocking by IP address in the GuardGiant settings page if you prefer.

    Regarding the audit log, it is best practice to do so, and virtually all security policies require that login attempts are logged and the records kept for a certain time period. In the case of GuardGiant, records are kept for 3 months, after which they are deleted. You may find this blog post useful: https://www.guardgiant.com/wordpress-login-activity-3-things-you-should-be-tracking/

    Thank you again for your questions.

    Kind regards,

    GuardGiant Team
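
The scenario from this thread, as an added example that is not part of the original posts and is not GuardGiant's code: a per-IP lockout applied to everyone versus one that exempts devices with a prior successful login. The class, the threshold of 5 and the device token (standing in for a cookie set after login) are assumptions made for illustration.

```python
from collections import defaultdict

MAX_FAILURES = 5  # assumed threshold, not a GuardGiant setting

class LoginGate:
    """Per-IP failed-login lockout, optionally exempting trusted devices."""

    def __init__(self, exempt_trusted_devices):
        self.exempt_trusted_devices = exempt_trusted_devices
        self.failures_by_ip = defaultdict(int)
        self.trusted = set()   # (username, device_token) seen in a successful login
        self.audit_log = []    # every attempt is recorded, not only lockouts

    def attempt(self, username, ip, device_token, password_ok):
        known = (username, device_token) in self.trusted
        locked = self.failures_by_ip[ip] >= MAX_FAILURES
        if locked and not (self.exempt_trusted_devices and known):
            outcome = "blocked"
        elif password_ok:
            self.trusted.add((username, device_token))
            outcome = "success"
        else:
            self.failures_by_ip[ip] += 1
            outcome = "failed"
        self.audit_log.append((username, ip, outcome))
        return outcome

def simulate(exempt_trusted_devices):
    """100 users behind one public IP; one unrecognised device guesses passwords."""
    gate = LoginGate(exempt_trusted_devices)
    ip = "203.0.113.10"  # constructed address (documentation range)
    for n in range(100):  # each colleague logs in once; their device becomes trusted
        gate.attempt(f"user{n}", ip, f"device-{n}", True)
    for _ in range(MAX_FAILURES):  # failed guesses from an unrecognised device
        gate.attempt("user0", ip, "unrecognised", False)
    retries = [gate.attempt(f"user{n}", ip, f"device-{n}", True) for n in range(100)]
    stranger = gate.attempt("user0", ip, "unrecognised", True)
    return retries.count("success"), stranger, gate.audit_log

if __name__ == "__main__":
    for mode in (False, True):
        ok, stranger, log = simulate(mode)
        print(f"exempt_trusted={mode}: {ok}/100 colleagues in, "
              f"unrecognised device {stranger}, {len(log)} log rows")
```

In both modes the five "failed" rows in the audit log are what show which account was targeted and from where before the lockout triggered.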

  • The topic ‘All users lockout from same IP address’ is closed to new replies.