WP Tavern › Forums › Create Topic
Samuel "Otto" Wood Dan, it doesn’t allow you to specify how many logins before a block because that’s not how it works. The idea isn’t to block based on how many times they try to log into your site, but based on them logging into *everybody’s* sites. For every login attempt performed, the IP is sent back to a central service. That service analyses the pattern as a whole, and blocks accordingly. These mass login attempts come from botnets. And while each individual computer on some big bot net may try to log into your particular site only once or twice, it will still go and try to log into other sites all around the world. When this starts happening, that mass pattern of failed logins coming from the IPs of the botnet machines can be seen by the service, and it can then take steps to block them on all the rest quickly, frustrating the effort of the botnet. Think of it like Limit Login Attempts, but with the login attempt info shared amongst all participants. Some will still get hit, but once the service as a whole determines that it’s a bot, then it can block it amongst all the rest immediately.
Samuel "Otto" Wood
Dan, it doesn’t allow you to specify how many logins before a block because that’s not how it works.
The idea isn’t to block based on how many times they try to log into your site, but based on them logging into *everybody’s* sites. For every login attempt performed, the IP is sent back to a central service. That service analyses the pattern as a whole, and blocks accordingly.
These mass login attempts come from botnets. And while each individual computer on some big bot net may try to log into your particular site only once or twice, it will still go and try to log into other sites all around the world. When this starts happening, that mass pattern of failed logins coming from the IPs of the botnet machines can be seen by the service, and it can then take steps to block them on all the rest quickly, frustrating the effort of the botnet.
Think of it like Limit Login Attempts, but with the login attempt info shared amongst all participants. Some will still get hit, but once the service as a whole determines that it’s a bot, then it can block it amongst all the rest immediately.
Name *
Email *
Website:
Topic Title (Maximum Length: 80):
Forum: — No forum —AI and WordPress Articles Blocks Showcase Discussions Events Introductions Jobs and Working in WordPress Podcast Episodes Site and Block Editor
Enter your email address to subscribe to this blog and receive notifications of new posts by email.
Email Address
Submit
Enter the destination URL
Or link to existing content