Increase Number of Login Attempts

  • Resolved verysiberian

    (@verysiberian)


    3 years, 3 months ago

    Hello,

    Thanks for this plugin, which I am now using on most of my SiteGround hosted sites. The biggest problem I have with the plugin, though, is its fairly rigid limit on login attempts. I seem to have a number of valid users who lock themselves out after five failed login attempts. Of course, we know that they should simply reset their passwords, but they don’t, and then I end up getting hit with support emails.

    Please add more options for higher number of failed login attempts — perhaps up to 20 — before the limit is hit. That would allow those of us who want to protect login security but also be a bit more tolerant of users who refuse to reset their passwords and then lock themselves out. ??

    Best regards,
    Rob

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Stoyan Georgiev

    (@stoyangeorgiev)

    Hey there @verysiberian,

    Increasing the login attempts to such high numbers may lead to data breaches. The idea behind the login attempt is to restrict brute force attacks. By increasing that number, you risk a potential password match and therefore leading to a security breach.

    For example, a weak password can be breached with fewer attempts. Giving more attempts to a potential attacker will make things easier for them.

    Kind regards,
    Stoyan

    Thread Starter verysiberian

    (@verysiberian)

    I understand what you are saying. I had hoped for a bit more flexibility on your end. Surely I am not the only one with users who lock themselves out after five failed login attempts. You may want to consider that most sites are using reCAPTCHA and other methods, not just your plugin, to limit bruce force attacks.

    On that note, rather than being unwilling to increase the login attempt cap, it would be nice for you to consider additional methods (e.g., no duplicate login attempts for the same username or email address within a certain time period).

    Here’s hoping that you will reconsider. I will otherwise simply have to deactivate the login protection feature and use a different plugin if yours remains rigidly capped at 5 login attempts.

    Best regards,
    Rob

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Increase Number of Login Attempts’ is closed to new replies.