• Hello. The problem is that you can press the resend button as many times as you want and spam the mailbox with codes. How do I edit the plugin to add a delay before the code is sent again, or to restrict an IP address after too many code requests?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter dowista

    (@dowista)

    If anyone needs a countdown on the resend button, open: includes/classes/Authenticator/class-login.php

    find and add:

    <p class="2fa-email-resend">
        <input type="submit" id="MyBtn" class="button"
               name="<?php echo esc_attr( self::INPUT_NAME_RESEND_CODE ); ?>"
               value="<?php esc_attr_e( 'Resend Code', 'wp-2fa' ); ?>"/>
        <span id="countdown">0:00</span>
    </p>

    and after this add the script:

    <script>
    jQuery( function( $ ) {
        // On page load the button starts disabled and the 59-second countdown runs.
        $( '#MyBtn' ).prop( 'disabled', true );
        startCountDown();

        // Each click restarts the countdown. The disable is deferred with
        // setTimeout so the button is still enabled when the form is submitted;
        // a submit button disabled inside its own click handler is not sent
        // with the form, and the resend request would never reach the server.
        $( '#MyBtn' ).click( function() {
            setTimeout( function() {
                $( '#MyBtn' ).prop( 'disabled', true );
                $( '#countdown' ).show();
                startCountDown();
            }, 0 );
        } );

        function startCountDown() {
            var minutes = 0,
                seconds = 59;
            $( '#countdown' ).html( minutes + ':' + seconds );
            var count = setInterval( function() {
                if ( parseInt( minutes ) < 0 || parseInt( seconds ) <= 0 ) {
                    // Countdown finished: re-enable the button and hide the timer.
                    $( '#countdown' ).html( minutes + ':' + seconds );
                    clearInterval( count );
                    $( '#MyBtn' ).prop( 'disabled', false );
                    $( '#countdown' ).hide();
                } else {
                    $( '#countdown' ).html( minutes + ':' + seconds );
                    seconds--;
                    if ( seconds < 10 ) seconds = '0' + seconds; // keep two digits
                }
            }, 1000 );
        }
    } );
    </script>

    Plugin Contributor robertabela

    (@robert681)

    Thank you for using our plugin dowista.

    I am afraid I am not understanding the problem; to access that button / functionality you need to submit the correct credentials. Then, what is the risk here? The users spamming their own mailbox?

    The issue here is that the more checks and limitations that you add, the more complex things become and the more restricted the user experience is.

    Looking forward to hearing from you.

    Thread Starter dowista

    (@dowista)

    Hello. Thank you for your answer, @robert681.

    to access that button / functionality you need to submit the correct credentials. Then, what is the risk here? The users spamming their own mailbox?

    Please think deeper. Firstly, why do we use this plugin? To protect accounts and to protect the admin area from unauthorized login. Yes, you are correct, users who log in with their own data probably won't spam the mailbox. But what if a hacker or a person who wants to harm your website gets the login data? They can spam the mailbox until the website host IP is marked as spam. For example, that is why companies which use 2FA steps have a delay before you can send your code again.

    You can use two layers of protection from this spam:

    #1 You can use a script. After the resend code button is pressed, you can disable the button for some time.

    #2 Limit login attempts on the website. For example, after 5 login attempts / 5 code resends, the account or IP will be restricted for some time and the user will be informed about that by email.
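
    The countdown script above only disables the button in the browser, so the limit in #2 has to be enforced on the server. Below is an added example of such a check using WordPress transients; it is not code from the WP 2FA plugin or from this thread, and the function name, the limits and the `$user_id` parameter (the account that already passed the password step) are assumptions.

```php
<?php
/**
 * Added example, not part of the WP 2FA plugin: server-side throttle for
 * "resend code" requests, backed by WordPress transients. Hypothetical helper
 * names; $user_id is assumed to be the account that is mid-2FA login.
 */

const EX2FA_RESEND_COOLDOWN_SECONDS = 60;  // minimum gap between two resends
const EX2FA_RESEND_MAX_PER_WINDOW   = 5;   // resends allowed per IP per window
const EX2FA_RESEND_WINDOW_SECONDS   = 900; // 15-minute window

/**
 * Returns true if a code may be sent now, false if the request must be refused.
 * Call it before dispatching the e-mail and abort when it returns false.
 */
function ex2fa_resend_allowed( $user_id ) {
    // Behind a reverse proxy REMOTE_ADDR is the proxy; resolve the client
    // address from a trusted header there before using it as a throttle key.
    $ip  = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    $now = time();

    // One key per account (cooldown) and one per requesting IP (budget).
    $user_key = 'ex2fa_resend_user_' . (int) $user_id;
    $ip_key   = 'ex2fa_resend_ip_' . md5( $ip );

    // 1) Per-account cooldown: refuse if the previous resend was too recent.
    $last = get_transient( $user_key );
    if ( false !== $last && ( $now - (int) $last ) < EX2FA_RESEND_COOLDOWN_SECONDS ) {
        return false;
    }

    // 2) Per-IP counter: refuse once the window budget is used up.
    $count = (int) get_transient( $ip_key ); // false (no entry) becomes 0
    if ( $count >= EX2FA_RESEND_MAX_PER_WINDOW ) {
        return false;
    }

    // Record this request. set_transient re-arms the expiry, so the IP window
    // is measured from the latest request; both entries expire on their own.
    set_transient( $user_key, $now, EX2FA_RESEND_COOLDOWN_SECONDS );
    set_transient( $ip_key, $count + 1, EX2FA_RESEND_WINDOW_SECONDS );
    return true;
}
```

    A refused request should be answered with a generic "please wait" message rather than the remaining time, so the response does not reveal the throttle state to whoever is submitting the requests.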

    Plugin Contributor robertabela

    (@robert681)

    Thank you very much for the detailed information and explanation, Dowista.

    I have added this to our to-do list so we can see how / if we can improve this. By the way, we already have a plugin which limits login attempts on WordPress.

  • The topic ‘Resend button spam’ is closed to new replies.