Explanation missing if not even misleading

  • This is the plugins description:

    WP Login Delay is a plugin that adds a one second delay when logging into the system in order to slow down any brute-force attack on your website.

    The first part is clear to me so far:

    WP Login Delay is a plugin that adds a one second delay when logging into the system

    But the second part needs explanation. You write:

    in order to slow down any brute-force attack on your website.

    The relationship between adding a one second delay per a single request while having a multi-request brute-force attackis not clear to me.

    In the end this delays the whole brute-force attack for exactly a single second which is so short that I’d say this is not slowing it down at all.

    Please fix the descrption, perhaps leave the brute-force attack completely out there? This gives a far more correct description then:

    WP Login Delay is a plugin that adds a one second delay when logging into the system. Nothing more and nothing less.

    https://www.ads-software.com/plugins/wp-login-delay/

Viewing 1 replies (of 1 total)
  • Plugin Author michael.damoiseau

    (@michaeldamoiseau)

    Hi Hakre,

    Thanks for your feedback on the plugin!

    I wrote this plugin after writing a post about brute force attack on my blog (https://damoiseau.me, in French only) where I was wondering if adding a delay to the login step would prevent any brute force attack to happen…

    Actually I don’t think it will prevent any attack of this kind, but I do think that it can greatly slow down the process of finding your password. One second is not much for a human, but for a program it can be very long, especially when it has a long list of passwords to test.

    Any comment on my little theory more than welcome ??

Viewing 1 replies (of 1 total)
  • The topic ‘Explanation missing if not even misleading’ is closed to new replies.