Linux 软件免费装

在这里免费安装WordPress以及其他软件

Plugin Name

开发者 helium-3
更新时间 2015年7月13日 14:49
捐献地址: 去捐款
PHP版本: 3.5 及以上
WordPress版本: 4.2.2
版权: GPLv2 or later
版权网址: 版权信息

标签

plugin wordpress security login admin php authentication password block ip plugins administration limit login attempts bruteforce login throttling harden wordpress

下载

1.1 1.1.1 1.0

详情介绍:

IPBlock limits number of attempts an user has to log in, thus providing very good protection against automated login attacks. It is highly customizable, you can set your own blocking scheme and decide what is the best to not annoy forgetful users. You can also customize every message displayed to users. Featuring 2 working modes: Mode 1 - set a small delay after each attempt e.g. This is just an example! You can program it however you want. Mode 2 - allow a number of attempts in given time. For instance, allow 5 attempts in 15 minutes. Time left is displayed in proper formatting, e.g. 10 seconds, 1 minute, 3 hours This plugin doesn't use plugabble functions and should be compatible with any other plugin.

安装:

  1. Upload ipblock to the /wp-content/plugins/ directory
  2. Activate the plugin through the 'Plugins' menu in WordPress
  3. Go to settings in your dashboard and choose IPBlock to change settings

屏幕截图:

  • easily set the blocking scheme
  • customize output messages
  • delay was set notice (Mode 1)
  • cannot login yet error
  • number of attempts used notice (Mode 2)
  • all attempts used notice (Mode 2)

常见问题:

What is record expiration time?

This option is also only for Mode 1. Record expiration time tells how long to track an ip after last login attempt. An ip record has a certain expiration timestamp, when it expires it is treated as it doesn't exist and is pending removal. Every time a login attempt is made expriation timestamp is set to a sum of current timestamp and record expiration time. For example if an ip has 20 login attempts and record expiration time is 60 seconds and if user of that ip won't log in in next 60 seconds, the record will be no longer valid and ip will be treated as if it made 0 attempts.

What is delay scheme? How to use it?

Note that since version 1.1 there's a more user friendly interface to set up the blocking scheme, but the rules are still the same. Scheme dictates what delay to set after a number of failed login attempts. It's used if you choose Mode 1. It's composed of pairs login_attempts(+)=>delay (in seconds); Lets start with a single rule, e.g. 5=>10; This rule tells to set a delay of 10 seconds after 5 or more login attempts. Lets add another rule: 5=>10; 10=>20; 10 seconds will be set on 5 or more attempts, but there's a rule for 10 or more attempts, so this second rule is more important in its scope. The result of this will be: 5-9 attempts = 10 second delay 10 or more attempts - 20 seconds delay Another examples: 1=>2; 2=>4; 3=>8; 4=>16; 5=>32; 8=>64;

  • 1 attempt = 2seconds
  • 2 attempts = 4 seconds
  • 3 attempts = 8 seconds
  • 4 attempts = 16 seconds
  • 5-7 attempts = 32 seconds
  • 8 or more attempts = 64 seconds
2=>5; 3=>15; 5=>30; 10=>45;
  • 1 attempt = no delay
  • 2 attempts = 5 sec delay
  • 3-4 attempts = 15 sec delay
  • 5-9 attempts = 30 sec delay
  • 10+ attempts = 45 sec delay

更新日志:

1.1.1 Bug fix: Removed reference to deprecated file 1.1 Javascript frontend for blocking scheme - setting scheme is now much easier 1.0 Released: December 18 2014 *Initial release