[wp-hackers] Counting failed logins
Owen Winkler
ringmaster at midnightcircus.com
Mon Dec 5 15:25:39 GMT 2005
Podz wrote:
> I'm making an assumption that in order to get access to a blog it has to
> be through wp-login.php and not some passing of a string, but is there a
> way for failed logins to be counted ?
> I can run tools like wwhack against my login page all day and I will get
> no warning that someone is trying to get access. Can this be set to a
> certain number and then something happens - at the very least the blog
> owner getting an email or two ?
I have written an unreleased plugin for this. I was planning on adding
a few other security devices before I put it out there. I was talking
to Skippy about adding some Impostercide features, and was thinking
about incorporating some checks of the user table to watch for
unauthorized capabilities promotion, among other things.
Other thoughts?
Owen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: armor.php
Type: application/x-php
Size: 2416 bytes
Desc: not available
Url : http://comox.textdrive.com/pipermail/wp-hackers/attachments/20051205/f0702faa/armor.bin
More information about the wp-hackers
mailing list