Open joho1968 opened 1 year ago
When discussing this with Slaven, we did not want to open ourselves to any additional attack vectors of letting anyone try to brute-force your website with success/fail messages (other than the current lightweight alert).
Well, this could actually be used to improve the site security in a plugin (for example). I've written security plugins for WordPress that utilize hooks to communicate with fail2ban to make brute-force attacks much harder. One could also easily implement login throttling if these hooks were present, as well as 2FA.
The hooks won't be doing anything unless something, well, hooks them :sunglasses:
Just my two cents :blush:
It'd be nice if the `loginAction()` function would always call one of two hooks (if set, of course); one for a successful login attempt and one for a failed login attempt.
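
A sketch of the idea in this request, as an added example that is not the project's code and not from the poster: a login handler that always fires one of two hooks, with a listener that throttles per IP and writes a syslog line for fail2ban to match. The `Hooks` class, the hook names `loginSuccess` and `loginFail`, the context array, the log format and this `loginAction()` signature are all assumptions.

```php
<?php
// Added example. Hooks, the hook names and this loginAction() signature are hypothetical.
final class Hooks {
    private static array $listeners = [];
    public static function on(string $hook, callable $fn): void {
        self::$listeners[$hook][] = $fn;
    }
    public static function fire(string $hook, array $ctx): void {
        foreach (self::$listeners[$hook] ?? [] as $fn) {
            $fn($ctx);                       // no listeners registered: nothing happens
        }
    }
}

// Per-IP sliding-window counter, in memory only; a real plugin would persist it.
final class LoginThrottle {
    private array $failures = [];
    public function __construct(private int $max, private int $window) {}
    public function recordFailure(string $ip, int $now): void {
        $this->failures[$ip][] = $now;
    }
    public function isBlocked(string $ip, int $now): bool {
        $recent = array_filter($this->failures[$ip] ?? [], fn($t) => $t > $now - $this->window);
        $this->failures[$ip] = array_values($recent);
        return count($recent) >= $this->max;
    }
}

$throttle = new LoginThrottle(3, 300);       // 3 failures per 5 minutes (constructed policy)

Hooks::on('loginFail', function (array $ctx) use ($throttle): void {
    if (filter_var($ctx['ip'], FILTER_VALIDATE_IP) === false) return;  // keep log lines clean
    $throttle->recordFailure($ctx['ip'], $ctx['time']);
    // Fixed-format line that a fail2ban filter can match on the address.
    syslog(LOG_WARNING, sprintf('cms-login: authentication failure from %s', $ctx['ip']));
});

// Stand-in login handler: refuses throttled clients, otherwise fires exactly one hook.
function loginAction(string $pass, string $ip, int $now, LoginThrottle $t): string {
    if ($t->isBlocked($ip, $now)) return 'throttled';
    $ok = hash_equals('constructed-password', $pass);
    Hooks::fire($ok ? 'loginSuccess' : 'loginFail', ['ip' => $ip, 'time' => $now]);
    return $ok ? 'ok' : 'denied';
}

// Constructed input: four wrong guesses from a documentation address, then the right password.
foreach (['a', 'b', 'c', 'd', 'constructed-password'] as $i => $guess) {
    echo loginAction($guess, '203.0.113.7', 1000 + $i, $throttle), PHP_EOL;
}
```

The hooks run server-side only, so the response to the client does not have to reveal more than it does today; `loginSuccess` has no listener here and firing it is a no-op.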