Improved version of a nice authorization plugin.
The basic number of characters in the Captcha, Belarusian bots now have learned to recognize. I’m tired of seeing a large number of entries about the attempts matching password on the login page in the site’s security log files.
Therefore, it was decided to complicate the life of kids-hackers army. And yes – it helped.
Indeed, the good plugin. Settings allow you to choose the situations in which the user must enter the captcha characters. Type the characters you can also configure.
As a result, significantly reduced the spam, and attempts to cut off cool-hacker enter the site without a permit.
Of course this is not a panacea, and if you do not have enough of this protection, you should use a system of two-level authentication using SMS.
Now, User needs except the password and enter a CAPTCHA has only known him a secret string. Thus, primitive brute force becomes ineffective.
Additionally, it is possible to save the IP address of the user who made the authorization attempt. And he knows it even before it will attempt to login. Perhaps that will be enough for some people to change their minds and go hack other sites.