前段时间安装的这个插件,经常发现有很多IP的登录尝试。今天绝了,插件发送的邮件记录显示从3点多到现在9点多到一直有人在尝试admin登录。本人设置了登录失败4次禁止该IP登录10分钟,连续两组禁止该IP登录240小时,然后发送一封告警邮件。现在还在不停的收到告警邮件,不过有了这个自动IP禁止插件,尝试者需要不停的换IP。虽然还是有尝试,但放心多了。。。
这个插件是老外开发的,最近更新已经是3年前了,但现在仍然好用。直接在wp后台搜索Limit Login Attempts就可以安装,下面是插件自己的description:
Limit the number of login attempts possible both through normal login as well as using auth cookies.
By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease.
Limit Login Attempts blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.
Features
Limit the number of retry attempts when logging in (for each IP). Fully customizable
Limit the number of attempts to log in using auth cookies in same way
Informs user about remaining retries or lockout time on login page
Optional logging, optional email notification
Handles server behind reverse proxy
It is possible to whitelist IPs using a filter. But you probably shouldn't. :-)
Translations: Bulgarian, Brazilian Portuguese, Catalan, Chinese (Traditional), Czech, Dutch, Finnish, French, German, Hungarian, Norwegian, Persian, Romanian, Russian, Spanish, Swedish, Turkish
Plugin uses standard actions and filters only.
这个插件是老外开发的,最近更新已经是3年前了,但现在仍然好用。直接在wp后台搜索Limit Login Attempts就可以安装,下面是插件自己的description:
Limit the number of login attempts possible both through normal login as well as using auth cookies.
By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease.
Limit Login Attempts blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.
Features
Limit the number of retry attempts when logging in (for each IP). Fully customizable
Limit the number of attempts to log in using auth cookies in same way
Informs user about remaining retries or lockout time on login page
Optional logging, optional email notification
Handles server behind reverse proxy
It is possible to whitelist IPs using a filter. But you probably shouldn't. :-)
Translations: Bulgarian, Brazilian Portuguese, Catalan, Chinese (Traditional), Czech, Dutch, Finnish, French, German, Hungarian, Norwegian, Persian, Romanian, Russian, Spanish, Swedish, Turkish
Plugin uses standard actions and filters only.
Select Language