Reset counter after a successful Login

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author gioni

    (@gioni)

    NOP. That’s security breach. That allows registered users find out your password and WP Cerber will not protect you.
    Imagine, you have a user which decide to obtain admin privilege. Or maybe, that’s a rogue with stolen credentials of some user. Resetting failed attempts counter after successful login allows that user to try remained attempts to check passwords for any other known user. Let’s say you allowed 3 attempts. That means that user have 2 attempts to try password and 1 successful login to reset counter. Doing those steps again and again allows to find out password. And, of course, it’s easy to create PHP script to automate that process.

    Thread Starter ma-e-ma

    (@ma-e-ma)

    I get you point.
    But is referring to the IP, not only login ?

    So this counter will be never reset ?
    What appends if over 3 months I miss 3 time from a static IP.
    I will no be able at all to login again ?

    This mean I have to the database…. in order to reset my IP.

    Plugin Author gioni

    (@gioni)

    Don’t worry. Plugin works a bit different. It checks the activity log only for certain period of time. You define that period X in the settings:

    ... allowed retries in X minutes

    and

    ... after lockouts in the last X hours

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Reset counter after a successful Login’ is closed to new replies.