Log or alert on failed 2FA codes #459
Comments
I extended the two-factor/providers/class-two-factor-provider.php Lines 75 to 106 in 3b69449
And added it to TOTP: two-factor/providers/class-two-factor-totp.php Lines 290 to 304 in 3b69449
Now, other providers can use it. I guess it's not the better way to use
Related: #476 would be a good follow-up to this IMO
Do we believe this is still necessary now that we have rate limiting for the logins with #510?
Logging a placeholder issue from insight shared from @georgestephanis after finding a related tweet on this topic... We should fire off a log or alert to site admins on any failed 2FA code. Or an error_log or something. So if someone has a password but is trying to brute force a code it can get caught.
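As an added example (not part of the original issue and not the Two-Factor plugin's code), this is one way a site admin could catch the brute-force pattern described above once failed codes are logged. The log line format, the field names, the function name `find_bruteforce` and the thresholds are assumptions for illustration, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log line format (constructed for this example, not the plugin's own):
#   2024-05-01T10:00:00Z two-factor: failed code user=alice ip=203.0.113.7 provider=totp
LINE_RE = re.compile(
    r"^(?P<ts>\S+) two-factor: failed code "
    r"user=(?P<user>\S+) ip=(?P<ip>\S+) provider=(?P<provider>\S+)$"
)

def find_bruteforce(lines, threshold=5, window=timedelta(minutes=10)):
    """Return {user: (peak_count, sorted_ips)} for users with at least
    `threshold` failed 2FA codes inside a sliding `window`.
    A failed code means the password step already succeeded, so a low
    threshold is reasonable. Lines are assumed to be in time order."""
    recent = defaultdict(deque)  # user -> (timestamp, ip) pairs still in window
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated or malformed line
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        q = recent[m["user"]]
        q.append((ts, m["ip"]))
        while ts - q[0][0] > window:  # drop attempts older than the window
            q.popleft()
        if len(q) >= threshold:
            peak, ips = alerts.get(m["user"], (0, []))
            ips = sorted(set(ips) | {ip for _, ip in q})
            alerts[m["user"]] = (max(peak, len(q)), ips)
    return alerts

# Constructed sample: bob mistypes twice 35 minutes apart, alice's account
# sees six failed codes in one minute from two addresses.
SAMPLE_LOG = (
    ["2024-05-01T09:55:00Z two-factor: failed code user=bob ip=192.0.2.44 provider=totp",
     "2024-05-01T09:58:12Z cron: scheduled event ran"]
    + [f"2024-05-01T10:00:{s:02d}Z two-factor: failed code user=alice "
       f"ip={'203.0.113.7' if s < 40 else '198.51.100.9'} provider=totp"
       for s in range(0, 60, 10)]
    + ["2024-05-01T10:30:00Z two-factor: failed code user=bob ip=192.0.2.44 provider=totp"]
)

if __name__ == "__main__":
    for user, (count, ips) in find_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT user={user} failed_codes={count} ips={','.join(ips)}")
```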