Lockout Events?

shelvin_g

New Member
Hi,
I have some security concerns.
Alidropship uses it's own registration form for user registration but what concerns me is that that there no options for a lockout event if someone fails to login after 4 attempts. So, a constant retry means a brute force attack could compromise passwords?
 

shelvin_g

New Member
Thanks - I do use WP Security which has lockout events using the default WP login but it's bypassed with the Dali theme+Dropship plugin.
Will give Wordfence a go.
 

shelvin_g

New Member
I've switched over and tested - and Wordfence has the same issue. No lockout events are triggered from the front-end login.
 

Attachments

  • Wordfence.JPG
    Wordfence.JPG
    64.8 KB · Views: 8

Mar

Moderator
Brute force login attempt with an incorrect password > 10 times
Try All In One WP Security plugin. It has an aggressive lock down feature. It has all the security features including the option to use Honeypot in login page, instead of using Login Captcha.


1575907035140.png
 

Direct Webstore

Well-Known Member
Try All In One WP Security plugin. It has an aggressive lock down feature. It has all the security features including the option to use Honeypot in login page, instead of using Login Captcha.
That's the one I actually use now too. I only suggested Wordfence as it has less setup options.

But really, even after using Cerber and Wordfence for a couple of years, I never had any problems in terms of getting "hacked". But they did stop plenty of bogus login attempts.

the option to use Honeypot in login page, instead of using Login Captcha.
The same as Ninja forms ... another plugin I'd recommend. Much better than Contact Form 7.
 
Last edited:
  • Like
Reactions: Mar

shelvin_g

New Member
Try All In One WP Security plugin. It has an aggressive lock down feature. It has all the security features including the option to use Honeypot in login page, instead of using Login Captcha.

I currently use do All in One WP Security (And I have those values checked)- but no lockout events are ever triggered when there more than 5 (the current set value in All in One WP Security) failed logins from the front-end Dali theme login page. If I try a brute force login at the native WP-admin login page - then only does lockout event trigger and sends me (admin) a mail with a notification.
 
Last edited:

Mar

Moderator
I currently use do All in One WP Security (And I have those values checked)- but no lockout attempts are ever triggered from the front-end Dali theme login page. If I try a brute force login at the native WP-admin login page - then only does lockout attempts trigger.
You mean your login attempts trigger the lock out? What if there is no failed login attempts?
 

Mar

Moderator
Apologies, I confused my words - I've edited my reply. Does that make sense?
What I mean is you tested the lock out function and it worked. So how do you know that it don't work in the front end? What if there was no failed login attempt?
 
Top