I ASKED THIS QUESTION 15 DAYS AGO AND NO ONE RESPONDED. HOW DO I GET A RESPONSE TO A FORUM QUESTION?

    In the last few days there have been several attempts to use my domain name to try to log in. I would like to ban these attempted log-in hacks, i.e. DOMAIN or DOMAIN_ADMIN.

    They get locked out, but I want different usernames banned. The same way anyone trying to log-in under the username admin.

    They seem to be using a fake IP address so I cannot ban them that way.

    I think I can add the username in the banned user section, under ban user agents, and then put in the name that is being used to try to log in.

    Will this work?
    For example
    BAN USER AGENTS
    Domain
    Domain_admin
    domain.com

    If not, where can I ban the username?

    User agents are how browsers identify themselves to the server. They are not related to WordPress users.

    Thread Starter norwood451

    (@norwood451)

    Thank you Gal.

    see next post

    Thread Starter norwood451

    (@norwood451)

    Thank you Gal.

    Do you know a way to block hackers that use obvious user names or email addresses, such as myName—Domaincom, myname—mailcom or Domain_admin – basically the same way you block someone that uses Admin as their user name.

    Just wanted to contribute 3 things that I think you should be aware of.

    1. The IP of anyone trying to log in using the admin account is not banned. Instead the IP is instantly (and temporarily) locked out. If the same IP attempts to do this (by default) 3 times within (by default) 7 days, then the IP is banned. Blacklist Threshold (3) and Blacklist Lookback Period (7) are configurable in the Global Settings module.

    2. Within the iTSec plugin there is no other way to instantly lockout other accounts.

    3. Try and focus on preventing brute force attacks. This will make instant banning/lockout of popular accounts irrelevant.

    To prevent any confusion, I’m not iThemes.

    Thread Starter norwood451

    (@norwood451)

    Thank you for that. My guess is there is a way, but iThemes would need to come up with it.

    Most of my hacks are Admin user names. I have seen hacks using my email address, which is what I would really like to block forever, as those hackers are using fake IP addresses, which you cannot block.

    Thanx again.

    Unfortunately, the code uses “admin” literally, and there is no filter that would let you add users to this check. However, if you’re a good enough developer, you could copy the authenticate() function from core\modules\brute-force\class-itsec-brute-force.php to, say, authenticate_plus() and then add it as a filter.

    The following may then work:

    // Hook the copied method onto WordPress core's 'authenticate' filter,
    // at the same priority (10000) and argument count (3) the plugin uses.
    add_filter( 'authenticate', array( $itsec_brute_force, 'authenticate_plus' ), 10000, 3 );

    If it doesn’t, try:

    // Create a separate instance with the module's settings loaded, then hook its
    // authenticate() method onto the core 'authenticate' filter.
    $itsec_brute_force_user_check = new ITSEC_Brute_Force();
    $itsec_brute_force_user_check->settings = ITSEC_Modules::get_settings( 'brute-force' );
    add_filter( 'authenticate', array( $itsec_brute_force_user_check, 'authenticate' ), 10000, 3 );

    The above are just ideas. I strongly suggest testing them on a TEST site, because I haven’t!
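The idea above reuses the plugin's own class. As an added example that is not part of the thread and not iThemes Security code, this is the same kind of check written against WordPress core hooks only, with a configurable username list in place of the literal “admin”; the blu_ function names, the blu_blocked_usernames filter and the placeholder names are assumptions.

```php
<?php
/**
 * Plugin Name: Blocked Login Usernames (example for this thread)
 *
 * Added example, not iThemes Security code. Uses only WordPress core
 * hooks: it rejects login attempts for a configurable list of usernames
 * that no real account should ever use (decoys such as "admin", your
 * domain name, or a public e-mail address) before a session is created.
 */

// Hypothetical list; replace the placeholders with your own decoys.
// Never list a name or e-mail that a real user logs in with.
function blu_blocked_usernames() {
    return apply_filters( 'blu_blocked_usernames', array(
        'admin',
        'administrator',
        'domain',           // placeholder: your domain label
        'domain_admin',     // placeholder
        'domain.com',       // placeholder: your bare domain
        'owner@domain.com', // placeholder: a public e-mail address
    ) );
}

/**
 * 'authenticate' filter callback. Priority 10000 and 3 arguments, as in
 * the snippet in the thread, so it runs after core's own username/password
 * and e-mail/password checks and can override their result.
 */
function blu_reject_blocked_usernames( $user, $username, $password ) {
    if ( '' === $username ) {
        return $user; // let core report empty submissions
    }
    $name    = strtolower( trim( wp_unslash( $username ) ) );
    $blocked = array_map( 'strtolower', blu_blocked_usernames() );
    if ( ! in_array( $name, $blocked, true ) ) {
        return $user; // not a decoy: keep core's result unchanged
    }
    // Core fires the wp_login_failed action for a non-empty WP_Error
    // returned here, so failure counters hooked to it still see this.
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    error_log( sprintf( 'blocked login username "%s" from %s', $name, $ip ) );
    // Generic message: do not reveal that the username is on a list.
    return new WP_Error( 'blu_blocked_username', __( 'Invalid login.' ) );
}
add_filter( 'authenticate', 'blu_reject_blocked_usernames', 10000, 3 );
```

Listing your own e-mail address disables e-mail login for you, so only do that if you always log in with the username.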

    Thread Starter norwood451

    (@norwood451)

    Hi Gal- Wow, that is an amazing solution for someone that is not like me, afraid to make changes he does not understand.

    I suspect someone who does understand the usage will give it a try, so it probably was good that you wrote that code.

    Maybe if a developer from iThemes will see this they will add it to the program.

    Thank you for taking the time. Sure is appreciated.

    Actually, adding a setting for users other than literal “admin” would be good. Perhaps the authors will consider it.

    BTW, if you’re not a coder, but it’s important enough for you, you can always pay someone. It’s not a big job.

    This enhancement is on top of the list here. And it has been for many many years …

    Ask yourself: Why is iThemes not implementing this fairly simple enhancement ?

    The simple answer is, because it doesn’t make your site more secure.

    I’ll repeat what I said before: It’s better to focus on preventing brute force attacks. Take the right steps to make your site less attractive to brute force attackers.

    When brute force attackers move on to easier targets, you don’t need to maintain user lists to block/lockout.

    Although I agree in principle, some features should be provided for the comfort of the administrator. In this case, having less logging activity and stopping things earlier are the benefits, and they matter.

    This is basically an extension of checking for “admin”, which, according to you, isn’t making the site more secure either…

    Thread Starter norwood451

    (@norwood451)

    Gal I clearly agree.

    Nlpro- The link you provided in the 2nd square has a discussion that indicates that this is not a new subject. So, I guess you need to ask yourself, why not add the ability to cut the hacker off at the knees, just like ADMIN does. They will then move on, as what they are doing did not work.

    From the link you provided SQUARE 2
    “Have the ability to specify a list of usernames (eg admin, Admin, administrator) that when entered will cause the IP address to be immediately blocked and banned permanently.
    in list Customer Feature Requests
    VOTES 76 votes”

    It’s also for the Pro version, and this is the free/lite forum.

    This is basically an extension of checking for “admin”, which, according to you, isn’t making the site more secure either…

    Undeniably true. It doesn’t make the site more secure. Though the “admin” account is historically a special case, since the WordPress install used it as a default for quite a while. Consequently the “admin” account became wildly popular in brute force attacks. And it’s still very popular today.
    So in this perspective it makes sense to add a brute force protection exception and short circuit an invalid login attempt utilizing the “admin” account.

    It’s also for the Pro version, and this is the free/lite forum.

    The Local Brute Force Protection module is a free and pro module so the Automatically ban “admin” user setting is available in both. Should iThemes ever decide to implement the feature request (which IMHO is not going to happen) it would probably be implemented in both.

    Thread Starter norwood451

    (@norwood451)

    Hi Nlpro- I need to correct you, as you state “according to you, (admin lockout) isn’t making the site more secure either”, which is the exact opposite of what I am stating.

    In fact, when a hacker uses ADMIN and is locked right away that would certainly mean that the site is more secure.

    I did not know that this was something other users were requesting, as many as 72 according to the link you sent.

    Therefore, I do not see why the creators would not consider adding the option to automatically lock any one using a user name that, for example matches the owners email address, assuming the owner is NOT using the email address to log in.

    @norwood451

    Does the “admin” account exist in your WordPress site ?
