Behavior of the settings

  • Resolved crotchon

    (@crotchon)


    1 year ago

    Hi,
    I carefully read the explanations of the settings in the plugin but I didn’t understand exactly the way the lockout time and retries reset works.
    My settings :
    3 allowed retries
    20 minutes lockout
    2 lockouts increase lockout time to 24 hours
    48 hours until retries are reset.
    Do these settings make sense ?
    What happens after the 24 hours of lockout ?
    Are access allowed for 3 or 6 new retries ? or are they still blocked until the 48 hours expire ?
    Thanks for the answer and best regards.

Viewing 1 replies (of 1 total)
  • Plugin Author WPChef

    (@wpchefgadget)

    You are right, the description can be better. Here is a new one that we will add to the upcoming versions of the plugin (we used your settings in this example):

    After a specific IP address fails to log in 3 times (with each attempt occurring within 48 hours of the previous one), a lockout lasting 20 minutes is activated. During the lockout, new attempts from the same IP are not recorded anywhere; they are denied right away. If additional failed attempts occur after 20 minutes (but not later than 48 hours) and lead to another lockout, once their combined total hits 2, the 20-minute duration is extended to 24 hours. After 24 hours, the IP is free to try to log in again.

    Hopefully it makes sense now. Your “48 hours until retries are reset” setting looks excessive. Retries live in the DB for 48 hours but they get reset after 24 hours of the final lockout so maybe you need to reduce 48 to 24 or less, but nonetheless the system will work even with these settings.

Viewing 1 replies (of 1 total)
  • The topic ‘Behavior of the settings’ is closed to new replies.