Permanent Lockout for Invalid Usernames

  • Resolved Mountain-Hiker-1

    (@mountain-hiker-1)


    4 years, 10 months ago

    I am getting many bot attempts using different invalid usernames to login to my bbPress forum. I have Brute Force Protection set to immediately lock out invalid usernames and it is working. The lockout period is set to the maximum setting of 2 months.

    I am spending time reviewing these invalid login attempts and manually changing the lockouts to permanent.

    It would save my time if I could set the automatic lockout period to permanent for Invalid Usernames.

Viewing 2 replies - 1 through 2 (of 2 total)

  • Hey @mountain-hiker-1,

    Thanks for the feedback! I understand the use of this and I’ll share this with the developers. From my understanding, the reason this isn’t currently a feature is that it has the potential to cause problems with legitimate future users getting blocked, but I understand everyone’s needs are different.

    Please let us know if you have any other thoughts or feedback!

    Thanks,

    Gerroald

    Thread Starter Mountain-Hiker-1

    (@mountain-hiker-1)

    OK, thanks for sharing this idea with the developers.

    If I don’t permanently block these failed bot login attempts, then they can try again when the temporary lockout expires. They will get temporarily blocked again for up to 2 months.

    Since the blocking is working, it is not a security problem, it is just a nuisance getting many email alerts of failed bot login attempts.

    Maybe I will turn off the email alerts for failed login attempts.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Permanent Lockout for Invalid Usernames’ is closed to new replies.