Wordpress failed login reporting plugin Help community, protect everyone
Let's have some fun
Today I am going to post first version of this plugin to Wordpress. First plugin with a simple, but yet effective goal - protect every participant against annoying login script abusers on a firewall level. We'll see how it goes..
Step 1Install and activate plugin. That's enough for your website to start reporting information about failed logins - simply search for csf firewall inside wordpress plugin directory and click install!
Step 2In your firewall (CSF, APF) set to fetch list of denied IPs every 30 minutes:
LF_GLOBAL = 1800 GLOBAL_DENY = http://wp-firewall.hosting.guru/deny.txtYou don't have to do anything more. Running CSF daemon will fetch list automatically and apply required rules. / 28.January.2016
HOW TO USE AND PARTICIPATE
I encourage Wordpress users to install plugin Failed Login Firewall reporting. This tiny plugin will report every failed login to our central database.
If you are using CSF (Config Server Firewall) or APF - you can instruct it to regularly fetch and block IPs from this list:
For example in CSF set these values to fetch fresh list every 30 minutes:
LF_GLOBAL = 1800 GLOBAL_DENY = http://wp-firewall.hosting.guru/deny.txt
1. install and activate the plugin.
2. ask your server administrator to use our list to block IPs.
Even by installing and activating this plugin you help community, as more attackers would get reported! We might extend plugin features in the future for more advanced protection. Stay connected!
You should still consider some advanced security plugin, like All-in-One WP Security or Wordfence. This plugin won't replace their functionality. They are doing completely different things - provide local protection using wordpress tools. Our plugin will collect IPs of bad guys and provide protection on higher level and to more wide range of users (not just on your server, everyone, who use it).
Plugin is free for use.
IP will be listed in deny list if it matches one of the following:
- had more than 20 failed login attempts since yesterday 00:00
- had more than 100 failed login attempts within last 10 days
- had more than 500 failed login attempts within last 30 days