feature request: login page blacklist/whitelist by hostname

  • Hi there,

    I know that a general usage of reverse DNS query is a performance issue. But as a login form normally will not be indexed and therefore does not need to fit to performance aspects, this won’t be a problem in my opinion.

    So, great would a feature for the login page that…
    – does a reverse DNS lookup and allow/deny hostname.myprovider.tld, *.myprovidername.tld, *.tld, etc.

    – does a DNS lookup for dynip providers and check if the resolved IP is the same as the querying IP, e.g. “if the IP 123.45.67.89 is the same as the resolve of my.dyndns.tld, my2.dyndns.tld, … , allow logging in”.

    I know that both features aren’t solvable via pure .htaccess but just PHP. On the other hand, that could significantly help securing the login form.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter datlicht

    (@datlicht)

    Btw. adding a reverse DNS feature also would open the possibilities to use DNS blacklists as they are common in the world of email administration (e.g. DNSBL, SpamCop, SORBS, Spamhaus, etc.).

    Yes, I know: WordPress is not an email server. But why should I allow a login from a machine that is well-known as insecure/compromised/hacked?

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Thank you for your request. The plugin developers will investigate further your request.

    Kind regards

    Thread Starter datlicht

    (@datlicht)

    Many thanks. ??

    Ah, and another feature in this context could be a check for “bogus” hosts: Normally, a reverse DNS fits to the normal DNS, e.g.

    123.45.67.89 -> my.host.tld
    my.host.tld -> 123.45.67.89 (if multiple IPs, at least one match)

    Otherwise, there is something bogus about this configuration and the question is why I should allow a login from such a host.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘feature request: login page blacklist/whitelist by hostname’ is closed to new replies.