lipemat/limit-logins

WordPress plugin to prevent brute force attacks

Maintainers

Details

github.com/lipemat/limit-logins

Source

Issues

Fund package maintenance!
lipemat

Installs: 49

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 1

Forks: 0

Open Issues: 0

Type:wordpress-plugin

0.15.0 2024-05-01 15:42 UTC

Requires

MIT e618caf8aa2865d5265ceebc9575f3dd66e148f5

This package is auto-updated.

Last update: 2024-05-01 15:42:43 UTC

README

Version WordPress PHP License

WordPress plugin that limits the number of concurrent logins for a user.

If you really want to prevent brute force attacks and are not concerned with annoying your legitimate users, this plugin may be for you.

Tracks

  • User ID
  • IP Address

If the same IP or username fails to login more than 5 times then neither the user nor the IP will be able to login for 12 hours.

Purpose

I had been using other limit login attempts plugins for a long time. Every time an attacker was able to find a way to attempt more logins than the set number, I wrote another extension and unit tests. While writing around something like 30 tests, I realized that no third-party plugin was ever going to provide the desired level of security. There is simply too much concern over affecting legitimate users.

This plugin is the combination of every extension and unit test I wrote for the other plugins.

Sorry attackers, but I'm over you. :-p

Installation

composer require lipemat/limit-logins

Usage

require __DIR__ . '/vendor/autoload.php'

Notes

This plugin is intended to be used within an OnPoint Plugins project. It is likely going to have a lot of assumptions that are specific to our projects.