Plugin Directory

Changeset 607721


Timestamp:
10/04/2012 01:05:10 AM (13 years ago)
Author:
convissor
Message:

Fix formatting of lockout/slowdown faq.

File:
1 edited

  • login-security-solution/trunk/readme.txt

    r607720 r607721  
    333333Solution.
    334334
    335     __Limit Login Attempts__
    336 
    337     * _Invalid or Valid Credentials by Attacker or Actual User_
    338 
    339         1) Process authentication request (check IP address)
    340         1) Error message: "Too many failed login attempts." (ACCESS DENIED.)
    341 
    342     Note, this approach means an actual user can be denied access for 12 hours after making 4 mistakes.
    343 
    344 
    345     __Login Security Solution__
    346 
    347     * _Invalid Credentials by Attacker or Actual User_
    348 
    349         1) Process authentication request (check IP, user name, and password)
    350         1) Slow down the response
    351         1) Error message: "Incorrect username or password." (ACCESS DENIED.)
    352 
    353     * _Valid Credentials by Attacker_
    354 
    355         1) Process authentication request (check IP, user name, and password)
    356         1) Slow down the response
    357         1) Set force password change flag for user
    358         1) Error message: "Your password must be reset. Please submit this form to reset it." (ACCESS DENIED.)
    359 
    360     * _Valid Credentials by Actual User_
    361 
    362         1) Process authentication request (check IP, user name, and password)
    363         1) (If user is coming from their verified IP address, let them in, END)
    364         1) Slow down the response
    365         1) Error message: "Your password must be reset. Please submit this form to reset it." (ACCESS DENIED.)
    366         1) On subsequent request... user verifies their identity via password reset process
    367         1) User's IP address is added to their verified IP list for future reference
     335__Limit Login Attempts__
     336
     337* _Invalid or Valid Credentials by Attacker or Actual User_
     338
     339    1) Process authentication request (check IP address)
     340    1) Error message: "Too many failed login attempts." (ACCESS DENIED.)
     341
     342Note, this approach means an actual user can be denied access for 12 hours after making 4 mistakes.
     343
     344
     345__Login Security Solution__
     346
     347* _Invalid Credentials by Attacker or Actual User_
     348
     349    1) Process authentication request (check IP, user name, and password)
     350    1) Slow down the response
     351    1) Error message: "Incorrect username or password." (ACCESS DENIED.)
     352
     353* _Valid Credentials by Attacker_
     354
     355    1) Process authentication request (check IP, user name, and password)
     356    1) Slow down the response
     357    1) Set force password change flag for user
     358    1) Error message: "Your password must be reset. Please submit this form to reset it." (ACCESS DENIED.)
     359
     360* _Valid Credentials by Actual User_
     361
     362    1) Process authentication request (check IP, user name, and password)
     363    1) (If user is coming from their verified IP address, let them in, END)
     364    1) Slow down the response
     365    1) Error message: "Your password must be reset. Please submit this form to reset it." (ACCESS DENIED.)
     366    1) On subsequent request... user verifies their identity via password reset process
     367    1) User's IP address is added to their verified IP list for future reference
    368368
    369369So both plugins deny access to attackers. But Login Security Solution has
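Review bot: every step in the re-indented lists (new lines 339-367) is still numbered "1)", so the order of each flow depends entirely on the renderer renumbering the items. The order carries the security meaning here: in the "Valid Credentials by Actual User" list, line 363 ("let them in, END") has to read as coming before line 364 ("Slow down the response"). If the readme parser does not accept "1)" as an ordered-list marker, the steps would lose their numbering or run together into one paragraph. Suggest numbering the steps explicitly (1., 2., 3., ...) so the sequence is unambiguous both in the raw readme.txt and in any renderer. The commit message could also say what was rendering incorrectly before the four-space dedent, so the fix can be verified against the rendered FAQ.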