Locking out users by IP after multiple unsuccessful login attempts is great, but this causes a major problem for sites that are administered from an office full of people all on the same IP. If one user locks themselves out then the entire office gets locked out and you end up with an office full of very unhappy bunnies.
It would be nice to have the option of locking out users by username and IP pair. So for example, if a user on IP 1.2.3.4 tries to unsuccessfully log in to the ‘admin’ account, then the IP 1.2.3.4 is prevented from logging in to the ‘admin’ account for the duration of the lock instead of just locking out their IP, but they can attempt to log in to another account.
Of course, this would be a user-configurable option within the plugin (and personally I think it’d be an improvement to have this as the default, but that’s just my opinion).
John
|
Thanks John, adding this to the list.
|
I just thought, another option might be to provide an input field of whitelisted IPs that don’t get locked. Maybe instead of locking a whitelisted IP, it shows a message suggesting that the user uses the password reset feature, but still allows further login attempts from that IP.
|
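The two ideas in this thread (locking by username and IP pair, and a whitelist of IPs that get a password-reset suggestion instead of a lock) can be sketched as follows. This is an added example, not code from the plugin or from anyone in the thread; the class name, the threshold of 3 attempts, the 15-minute lock and the return strings are all assumptions.

```python
import time


class PairLockout:
    """Track failed logins per (username, IP) pair instead of per IP alone."""

    def __init__(self, max_attempts=3, lock_seconds=900, whitelist=(),
                 clock=time.monotonic):
        self.max_attempts = max_attempts   # assumed threshold
        self.lock_seconds = lock_seconds   # assumed lock duration
        self.whitelist = set(whitelist)    # IPs that are never locked
        self.clock = clock                 # injectable so tests control time
        self.failures = {}                 # (user, ip) -> failure count
        self.locked_until = {}             # (user, ip) -> unlock time

    @staticmethod
    def _key(username, ip):
        # Assumption: usernames are case-insensitive, so "Admin" and "admin"
        # share one counter.
        return (username.lower(), ip)

    def is_locked(self, username, ip):
        key = self._key(username, ip)
        until = self.locked_until.get(key)
        if until is None:
            return False
        if self.clock() >= until:
            # Lock expired: clear state so the pair starts fresh.
            del self.locked_until[key]
            self.failures.pop(key, None)
            return False
        return True

    def record_failure(self, username, ip):
        """Return 'ok', 'locked' or 'suggest_reset' for a failed attempt."""
        if self.is_locked(username, ip):
            return "locked"
        key = self._key(username, ip)
        self.failures[key] = self.failures.get(key, 0) + 1
        if self.failures[key] < self.max_attempts:
            return "ok"
        if ip in self.whitelist:
            # Whitelisted IP: no lock, the caller shows a reset hint instead.
            return "suggest_reset"
        self.locked_until[key] = self.clock() + self.lock_seconds
        return "locked"

    def record_success(self, username, ip):
        self.failures.pop(self._key(username, ip), None)
```
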