[wp-hackers] Admin Login Brute Force Attacks

Chip Bennett chip at chipbennett.net
Wed Mar 20 23:10:37 UTC 2013


I use Limit Login Attempts, with escalated cooldown.

After the first 3 misses? You might be legit, but wait 5 minutes, anyway.

By the 12th miss? You're a dirty spammer. Come back in six months.

Also: I keep the "admin" account - reduced to the "subscriber" role. It
makes for a great honeypot.


On Wed, Mar 20, 2013 at 7:05 PM, Chris Williams <chris at clwill.com> wrote:

> And if you reduce the 1000 guesses/sec to 16 guesses a day, either of
> these examples turn into millennia.
>
> On 3/20/13 3:45 PM, "John Blackbourn" <johnbillion+wp at gmail.com> wrote:
>
> >On 20 March 2013 22:30, Doug Stewart <zamoose at gmail.com> wrote:
> >> Correct horse battery staple.
> >
> >In case anyone thinks Doug has gone bonkers, this is a reference to
> >this XKCD thread which quite neatly explains entropy in passwords:
> >http://xkcd.com/936/. Basically, length is the all-important factor in
> >password strength.
> >_______________________________________________
> >wp-hackers mailing list
> >wp-hackers at lists.automattic.com
> >http://lists.automattic.com/mailman/listinfo/wp-hackers
>


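An added example (my own code, not the Limit Login Attempts plugin or anything Chip posted) simulating the escalating-cooldown policy described above and measuring the guess-rate reduction Chris refers to. The thread only gives the 3-miss and 12-miss tiers; the intermediate thresholds and durations below are assumptions.

```python
"""Escalating login-lockout policy and its effect on an attacker's guess rate."""
from dataclasses import dataclass

# Tiers: after N consecutive failures, block the source for the given seconds.
# 3 -> 5 min and 12 -> ~6 months come from the thread; the rest are assumed.
LOCKOUT_TIERS = [(3, 5 * 60), (6, 60 * 60), (9, 24 * 3600), (12, 182 * 24 * 3600)]


@dataclass
class Counter:
    failures: int = 0
    blocked_until: float = 0.0


class LoginLimiter:
    def __init__(self, tiers=LOCKOUT_TIERS):
        self.tiers = sorted(tiers)
        self.state = {}  # key (e.g. source IP or username) -> Counter

    def lockout_for(self, failures):
        """Cooldown that applies once `failures` consecutive misses have occurred."""
        seconds = 0
        for threshold, secs in self.tiers:
            if failures >= threshold:
                seconds = secs  # later tiers override earlier ones
        return seconds

    def record(self, key, success, now):
        """Record one attempt; returns (checked, seconds_to_wait)."""
        c = self.state.setdefault(key, Counter())
        if now < c.blocked_until:
            return False, c.blocked_until - now  # rejected without checking
        if success:
            self.state.pop(key, None)  # a good login clears the counter
            return True, 0
        c.failures += 1
        cooldown = self.lockout_for(c.failures)
        if cooldown:
            c.blocked_until = now + cooldown
        return True, 0


def guesses_in_window(limiter, key, window_seconds):
    """Simulate an attacker retrying as fast as allowed; count guesses actually checked."""
    now, checked = 0.0, 0
    while now < window_seconds:
        allowed, wait = limiter.record(key, False, now)
        if allowed:
            checked += 1
        else:
            now += wait  # sleep out the lockout
    return checked
```

With the tiers above, a source that never succeeds gets only 9 password guesses checked in its first 24 hours; the rest are rejected before the password is ever compared.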