Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Daniel Convissor

    (@convissor)

    Took a quick look at Jetpack. Seems modules/protect.php is the place. Appears they only check IP address. That’s not sufficient. Over the past couple months, I’ve noticed that attackers have so many bots at their disposal that they use a different IP address for nearly every request.

    Real-world example… One of my sites got 126 failed login attempts yesterday from 112 different IP addresses. These addresses aren’t even in the same IP range. This particular attacker’s control server picks three likely user names and one password then tells three bots to try one combination. Then it picks another password and has three _other_ bots try those combinations. Rinse and repeat. LSS stopped them. I haven’t seen another plugin that does that.
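
Added example, not part of the original post and not code from either plugin: a replay of the failure pattern described above through an IP-keyed counter and a user-name-keyed counter, to show why the first never trips. The thresholds, field names and events are constructed assumptions.

```python
from collections import Counter, defaultdict
from hashlib import sha256

LIMIT = 5  # assumed lockout threshold: failures tolerated per key


def build_events(rounds=40):
    """Constructed failed-login events: each round uses one password,
    three user names and three bots that have not been used before."""
    users = ["admin", "editor", "webmaster"]  # constructed user names
    events = []
    for r in range(rounds):
        pw_hash = sha256(f"guess-{r}".encode()).hexdigest()
        for i, user in enumerate(users):
            n = r * 3 + i
            ip = f"10.{n // 250}.{n % 250}.7"  # constructed, unique per request
            events.append({"ip": ip, "user": user, "pw": pw_hash})
    return events


def count_blocked(events, key, limit=LIMIT):
    """Count attempts that would be rejected if failures were tallied
    per `key` ("ip" or "user") and rejected once `limit` is exceeded."""
    seen = Counter()
    blocked = 0
    for e in events:
        seen[e[key]] += 1
        if seen[e[key]] > limit:
            blocked += 1
    return blocked


def sprayed_passwords(events, min_users=3):
    """Password hashes that failed against at least `min_users` different
    user names: a signal that does not depend on the source address."""
    users_by_pw = defaultdict(set)
    for e in events:
        users_by_pw[e["pw"]].add(e["user"])
    return [pw for pw, users in users_by_pw.items() if len(users) >= min_users]


if __name__ == "__main__":
    ev = build_events()
    print("events:", len(ev), "distinct IPs:", len({e["ip"] for e in ev}))
    print("blocked when keyed by IP:  ", count_blocked(ev, "ip"))
    print("blocked when keyed by user:", count_blocked(ev, "user"))
    print("passwords tried across users:", len(sprayed_passwords(ev)))
```
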

  • Alexandre Simard

    (@brocheafoin)

    Hey Daniel,

    I love your plugin. I think it’s the best standalone solution, but your comment here shows you haven’t looked at Jetpack Protect closely enough. Its main selling point is the network effect. IP addresses are checked against WordPress.com’s Protect API, which logs and analyzes failed logins across all sites where Jetpack Protect or BruteProtect is installed.

    In the scenario you describe above, it’s likely none of the initial login attempts would have made it through, since their IP addresses would already be blacklisted from previous failed logins on numerous other sites.

  • The topic ‘BruteProtect Jetpack vs Login Security Solution’ is closed to new replies.