Lockout Events?

[shelvin_g]

Hi,
I have some security concerns.
Alidropship uses it's own registration form for user registration but what concerns me is that that there no options for a lockout event if someone fails to login after 4 attempts. So, a constant retry means a brute force attack could compromise passwords?

 

[Direct Webstore]

Install Wordfence. SImple as that.

 

[shelvin_g]

Thanks - I do use WP Security which has lockout events using the default WP login but it's bypassed with the Dali theme+Dropship plugin.
Will give Wordfence a go.

 

[shelvin_g]

I've switched over and tested - and Wordfence has the same issue. No lockout events are triggered from the front-end login.

 

[Direct Webstore]

tested

How?

 

[shelvin_g]

Brute force login attempt with an incorrect password > 10 times

 

[Mar]

Brute force login attempt with an incorrect password > 10 times

Try All In One WP Security plugin. It has an aggressive lock down feature. It has all the security features including the option to use Honeypot in login page, instead of using Login Captcha.

 

[Direct Webstore]

Try All In One WP Security plugin. It has an aggressive lock down feature. It has all the security features including the option to use Honeypot in login page, instead of using Login Captcha.

That's the one I actually use now too. I only suggested Wordfence as it has less setup options.

But really, even after using Cerber and Wordfence for a couple of years, I never had any problems in terms of getting "hacked". But they did stop plenty of bogus login attempts.

the option to use Honeypot in login page, instead of using Login Captcha.

The same as Ninja forms ... another plugin I'd recommend. Much better than Contact Form 7.

 

[shelvin_g]

Try All In One WP Security plugin. It has an aggressive lock down feature. It has all the security features including the option to use Honeypot in login page, instead of using Login Captcha.

I currently use do All in One WP Security (And I have those values checked)- but no lockout events are ever triggered when there more than 5 (the current set value in All in One WP Security) failed logins from the front-end Dali theme login page. If I try a brute force login at the native WP-admin login page - then only does lockout event trigger and sends me (admin) a mail with a notification.

 

[Mar]

I currently use do All in One WP Security (And I have those values checked)- but no lockout attempts are ever triggered from the front-end Dali theme login page. If I try a brute force login at the native WP-admin login page - then only does lockout attempts trigger.

You mean your login attempts trigger the lock out? What if there is no failed login attempts?

 

[shelvin_g]

You mean your login attempts trigger the lock out? What if there is no failed login attempts?

Apologies, I confused my words - I've edited my reply. Does that make sense?

 

[Mar]

Apologies, I confused my words - I've edited my reply. Does that make sense?

What I mean is you tested the lock out function and it worked. So how do you know that it don't work in the front end? What if there was no failed login attempt?