
It's even worse. Why can someone just keep trying to log in on a default WP installation? Why can they try to guess usernames? First thing I install is: https://www.wordfence.com



Even still, default login attempts are set at 20. I've had a lot of recent brute-force attacks, and set that delimiter to 5. On top of that, I try changing the wp-login location with 'rename wp-login'[1], and set it to something like http://www.site.com/hello . Doesn't stop everyone, but helps cut down attempts.

[1] https://wordpress.org/plugins/rename-wp-login/


Does WordPress still not have basic rate limiting on forms?


It does not.


Enumerating evil is never the correct solution.


$10 has been deposited into your wordfence affiliate account. Thank you, have a good day.


[flagged]


We've banned this account for repeatedly breaking the HN guidelines.



