limited lockout

  • Resolved michabbs

    (@michabbs)


    1 year, 5 months ago

    Login attempts limit is generally good idea, but there is a problem: Webshop users are… not very cooperative. They forget passwords all the time. In order to let them easily purchase my goods I have to either disable the login limit or set it to high value – like 10, or better 50.

    On the other hand – I really really want to limit admin logins.

    Is there a way to achieve one if this behaviours?

    1. Disable login limit for all users and enable it only for selected groups (admins, editors…)
    2. Or enable login limit for all users and disable it for selected groups (customers)
    3. Or set separate limits per groups.
    4. Or enforce limits only on 2FA failure, not on password mismatch. (This is because “normal” customers do not have 2FA enabled, and admin has one.)

    If impossible – this might be a new feature request. ??

Viewing 1 replies (of 1 total)
  • Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @michabbs

    It is not possible right now based on User role you can enable / disable limit login ( login lockout ) feature.

    Yes, I will create internal ticket for this as new feature request.

    Here you want limit login attempts for admin user. Please make sure you have enabled below features.

    XML RPC call get_UserBlogs is the reason for invalid login attempt by bot.

    1. Enable rename login page – WP Security > Brute force > Rename login page
    2. Enable captcha for login page.- WP Security > Brute force > Captcha settings
    3. Stop admin username being exposed – WP Security >Miscellaneous > User enumeration tab
    4. Disable XML RPC call – WP Security > Firewall > Basic firewall tab

    Please make sure also you do not use common user name “admin” also make sure User login > Login lockout have – Instantly lockout specific usernames: which tried actual invalid login attempts.

Viewing 1 replies (of 1 total)
  • The topic ‘limited lockout’ is closed to new replies.