Block failed logins by username

  • Hi!

    I’m looking for a functionality that would be similar to the Brute Force Protection lockout, that puts a block timeout after a number of unsuccessful login attempts. This works by IP, though; I would need the lock out to be set for the username that triggered the threshold instead (in case a user exists with that username).

    I understand the implications of this measure (somebody blocking other users out, user account existence disclosure, etc.) but I got this specific request for a particular client project, and I wonder if Wordfence is capable of this.

    Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)
  • wfdave

    (@wfdave)

    Hi @bnvt,

    That’s a very good feature suggestion!

    For example, if an account has too many incorrect login attempts, this account is then locked out and no one can attempt to login anymore.

    I’ll send a feature request to the team to see what they think.

    Dave

    Thread Starter Alejandro Benavente

    (@bnvt)

    Thanks a lot for the feedback, Dave.
    I’ll keep an eye on the thread to check on this.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Block failed logins by username’ is closed to new replies.