[wp-trac] [WordPress Trac] #24193: Anti brute force protection

WordPress Trac noreply at wordpress.org
Thu Apr 25 18:44:24 UTC 2013


#24193: Anti brute force protection
-------------------------+------------------------------
 Reporter:  MAzZY        |       Owner:
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  Users        |     Version:  3.5.1
 Severity:  normal       |  Resolution:
 Keywords:               |
-------------------------+------------------------------

Comment (by knutsp):

 1) Captcha is not wanted. Really bad UX.
 2) Inability for whom? If per IP it doesn't work for coordinated attacks.
 If per user anyone can cause the site owner to be blocked. At also
 generates huge login logs, especially when attacked (a possible DoS
 attack). Not good.
 3) '''Use a strong password'''. Some plugins may also limit the login
 attempts, if that is what you want. A plugin may also hide the login form
 for robots (obscurity).

 The best approach for core is to make it very difficult, or almost
 impossible, to set a weak password. Strong passwords are real security.
 There is a feature request for this in ticket #21737.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/24193#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list