[Plugin: Limit Login Attempts] Feature requests

  • spiffywiffy

    (@spiffywiffy)


    14 years, 8 months ago

    Hello:

    First of all – great plugin – works well for us!

    Would it be possible to consider adding a feature that whitelists IP ranges? If it could be done using CIDR format or wildcards, that would work best. I realise this may work contrary to the goal of this plugin, but in our situation, it would be useful. Most of our users access our multi-site WP install from our internal network. Users get brain farts and end up locking themselves out needlessly. A whitelisting feature would reduce our support requirements. If the plugin could still deliver an informational message after X attempts directing users to support, but not lock them out, that would be great.

    Also, it would be great if the error messages could be customized from Dashboard plugin settings. This way, we could direct legitimate users accessing from external IP’s who have clearly forgotten their password to a help desk. Could just edit code, but throwing it out there for possible inclusion.

    Thanks!

    http://ww.wp.xz.cn/extend/plugins/limit-login-attempts/

Viewing 1 replies (of 1 total)
  • Plugin Contributor johanee

    (@johanee)

    14 years, 8 months ago

    Hi,

    I would strongly recommend against completely whitelisting internal adresses, for various reasons: insider attacks, wireless access, hacked desktops, etc. More lenient limits perhaps, but not complete whitelisting.

    Anyway, I have actually gotten a few questions about this kind of thing.

    I’m considering adding some filter hooks so that number of attempts and/or lockout time can be customized (perhaps based on IP). Would that work for you?

    It would require you to create a small custom plugin with whatever logic you require.

    Something similar could perhaps be done with the error messages.

Viewing 1 replies (of 1 total)

The topic ‘[Plugin: Limit Login Attempts] Feature requests’ is closed to new replies.