Suggestion

  • The iQ Block Country plugin is a super plugin. However, I have a suggestion.
    It appears that the checks made by the blocking parameters I have set are made after a successful login.

    One parameter I have set is to disallow proxies/vpn’s

    People trying to attack sites to gain access to Admin accounts use proxies to do so making multiple password cracking attempts.

    Using an additional plugin like Login Lockdown makes their task harder but if iQ Block Country checked at login time (regardless of a successful password) it would prevent these attacks. Why should they need to succeed in cracking a password only for iQ Block Country to step in and stop them. Surely stopping a successful login should be a priority.

    Please could you enhance the plugin to apply blocking parameters at login time – That is after determination of a valid username/email but before the password validation is made?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Pascal

    (@iqpascal)

    Hi,

    I am not entirely sure what you mean.

    Blocking is ‘just done’. If a POST request is made it will block the request but other plugins may read the POST request as well and log the information.

    Thread Starter worldjusticenews

    (@worldjusticenews)

    I mean exactly what I said – if possible block DURING the login process – Prevent the login. There is no need to let a person login (and in the case of a potential hacker crack a login password) and then try to post or do do anything frontend or backend if you already know that the IP address they are using would be blocked.

    Thread Starter worldjusticenews

    (@worldjusticenews)

    I should have added to my reply an emphasis of the timing of the check.
    Enhance the plugin to apply blocking parameters at login time before password validation takes place.

    The reason for this timing is so that potential hackers do not discover that the password used was incorrect.

    This surely must be seen as an added benefit to the plugin as a measure for protecting sites from brute force login attacks.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Suggestion’ is closed to new replies.