Brute force question -confusing documentation

  • Resolved Jonas Lundman

    (@jonas-lundman)


    8 years, 2 months ago

    Hi

    I enabled login attempt alert, with 30 attempts settings. I got the alerts but what does Sucuri free version do about it? Or what should I do/ can do as default about it?

    You docs says:

    “Any client using CloudProxy is already automatically protected. We
    restrict access to the login pages to only authorized IP addresses and we
    also have a brute force detection included that blocks an IP address after
    too many failed login attempts.”

    What means with “We restrict…” = Is “we” = sucuri or is “we” CloudProxy service? Is it the same thing?

    I dont use cloudProxy service, so, does sucuri free version:

    “…restrict access to the login pages to only authorized IP addresses and we also have a brute force detection included that blocks an IP address after too many failed login attempts…”?

    There is also this:

    “You could manually block the IP in your control panel (What panel? WP or Sucuri or CloudProxy?). Or if the attempt is made for a nonexisting user account, you can block the user. From the plugin:

    “Any user login passing across the built-in mechanism that WordPress provides to authentication the session will be intercepted by the plugin and analyzed to see if the username is in the list of blocked accounts, if yes then the request will be stopped. No logs will be registered and no alerts will be sent to your email.”

    I just dont got it…

    All I want is a 30 attempted IP gonna be permanent denied from my site. Is it possible with this free version?

    / Best reg, Jonas

Viewing 6 replies - 1 through 6 (of 6 total)

  • Nope, the free plugin will not block them. That’s just a warning to let you know what is going on.

    In fact, the plugin will not stop any bad behaviour as it is an auditing and hardening-only plugin.

    As for the messages being confusing, mind sending a suggestion on how to improve them via our github? PR’s are more than welcome:

    https://github.com/Sucuri/sucuri-wordpress-plugin

    thanks!

    Thread Starter Jonas Lundman

    (@jonas-lundman)

    Hi, Thanks for your time and contributing to WP!

    So this part:

    …will be intercepted by the plugin and analyzed to see if the username is in the list of blocked accounts, if yes then the request will be stopped…

    if yes then the request will be stopped You wrote:

    In fact, the plugin will not stop any bad behaviour as it is an auditing and hardening-only plugin.

    So I’m little more confused…

    Hi Jonas,

    Sorry for any confusion. The interception and blocking are part of the Sucuri CloudProxy services.

    eve@sucuri

    Thank you @jonas-lundman we will review all the documentation in the plugin and release a new version with clear messages and the differences between the features provided by the free WordPress plugin and the ones provided by premium services like CloudProxy. You can follow the progress of these changes in this repository [1].

    [1] https://github.com/Sucuri/sucuri-wordpress-plugin/commits/master

    Thread Starter Jonas Lundman

    (@jonas-lundman)

    Thanks for your effort and your contribution to the WP World. Im sorry to tell that I found a free plugin/ solution that works better than Sucuri for my needs.

    Thread Starter Jonas Lundman

    (@jonas-lundman)

    By the way, This thread is NOT RESOLVED as someone marked.

    …we will review all the documentation in…

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Brute force question -confusing documentation’ is closed to new replies.