Hi k0872 thank you for your request. One of the plugin developers will assess your request. In the mean time you can enable the following under User Login -> Login Lockdow
Instantly Lockout Invalid Usernames:
The above option will lockdown any trying to use admin or Admin.
You can also enable one of the Brute Force options which blocks every attempt to the login admin area unless they know the secret word.
Regards
Thread Starter
k0872
(@k0872)
Thanks
I have seen this, but our site has many users who will routinely make a spelling mistake whilst trying to login, so this feature would block them and log them out.
what we see in the logs is that we have thousands of failed admin username login attempts, we also have the site lockdown after 5 attempts.
But would be great to lockout potential hack attempts that try this admin login.
Hi k0872 I was not aware that your site is a membership site. Then, some of my suggestions above might not work correctly.
Do you have a membership plugin? If not have you ever thought of using a membership plugin?
Thread Starter
k0872
(@k0872)
Thanks I will look into that,
but ideally I just want to be safe in knowledge that admin attempts are being redirected or banned,
we also have small brute force attacks using know usernames, which we are keeping a close eye on, but those usernames only use one ip address and could be whitelisted.
so far your plugin and some tailed htaccess rules has kept us safe.
thanks
