• Could I detect a lockout by:

    function errorlog_failure_shake($error_codes) {
      if (in_array('too_many_retries', $error_codes)) error_log('LLA: CloudFlare ban IP');
      return $error_codes;
    }
    add_filter('shake_error_codes', 'errorlog_failure_shake', 100000);

    It works only in downloaded login forms.
    Not working on

    • auth cookies
    • DoS HTTP/HEAD requests to wp-login
    • DoS requests to pw reset, signup

    Could you do a do_filter(‘limit_login_lockout’) every time LLA finds out there is a lockout?
    e.g. I would add_filter() sleep or IP blocking to offload my server or error_log or write a rule to .htaccess etc.

    https://www.ads-software.com/extend/plugins/limit-login-attempts/

  • The topic ‘CloudFlare report’ is closed to new replies.