Title: [271177] trunk/Websites/webkit.org
- Revision
- 271177
- Author
- [email protected]
- Date
- 2021-01-05 14:42:53 -0800 (Tue, 05 Jan 2021)
Log Message
Limit failed login attempts on webkit.org blog
https://bugs.webkit.org/show_bug.cgi?id=220032
Reviewed by Timothy Hatcher.
* wp-content/plugins/limit-logins.php: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/Websites/webkit.org/ChangeLog (271176 => 271177)
--- trunk/Websites/webkit.org/ChangeLog 2021-01-05 22:40:20 UTC (rev 271176)
+++ trunk/Websites/webkit.org/ChangeLog 2021-01-05 22:42:53 UTC (rev 271177)
@@ -1,5 +1,14 @@
2021-01-05 Jon Davis <[email protected]>
+ Limit failed login attempts on webkit.org blog
+ https://bugs.webkit.org/show_bug.cgi?id=220032
+
+ Reviewed by Timothy Hatcher.
+
+ * wp-content/plugins/limit-logins.php: Added.
+
+2021-01-05 Jon Davis <[email protected]>
+
Disable public APIs on webkit.org blog
https://bugs.webkit.org/show_bug.cgi?id=220028
Added: trunk/Websites/webkit.org/wp-content/plugins/limit-logins.php (0 => 271177)
--- trunk/Websites/webkit.org/wp-content/plugins/limit-logins.php (rev 0)
+++ trunk/Websites/webkit.org/wp-content/plugins/limit-logins.php 2021-01-05 22:42:53 UTC (rev 271177)
@@ -0,0 +1,32 @@
+<?php
+/*
+Plugin Name: Limit Logins
+Description: Limit brute force login attempts
+Version: 1.0
+Author: Jonathan Davis
+Author URI: http://webkit.org
+*/
+
+if (!defined('FAILED_LOGIN_LIMIT'))
+ define('FAILED_LOGIN_LIMIT', 3);
+
+function get_limit_logins_transient_key($username) {
+ return 'login_attempts_' . md5($username);
+}
+
+add_action('wp_login_failed', function ($username) {
+ $transient_key = get_limit_logins_transient_key($username);
+ $login_attempts = intval(get_transient($transient_key));
+ if ($login_attempts++ <= FAILED_LOGIN_LIMIT)
+ set_transient($transient_key, $login_attempts, 300);
+});
+
+add_filter('authenticate', function ($user, $username, $password) {
+ $transient_key = get_limit_logins_transient_key($username);
+ $login_attempts = intval(get_transient($transient_key));
+ if ($login_attempts >= FAILED_LOGIN_LIMIT) {
+ $wait_time = human_time_diff(time(), get_option('_transient_timeout_' . $transient_key));
+ return new WP_Error('failed_login_limit', sprintf(__('Login attempt limit reached. Wait %1$s before trying again.'), $wait_time));
+ }
+ return $user;
+}, 100, 3);
\ No newline at end of file
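Review bot: The counter key built in `get_limit_logins_transient_key()` is `md5($username)` over the string exactly as submitted, so each spelling of the same account gets its own counter. WordPress normally matches `user_login` case-insensitively and also accepts the account's e-mail address at login, so the limit most likely applies per spelling rather than per account. Normalising before hashing, e.g. `return 'login_attempts_' . md5(strtolower(trim($username)));`, closes the case variants; covering the e-mail form would need the key to be derived from the resolved user ID when the account exists. It is also worth a comment above the `wp_login_failed` handler stating that the lock is per username only, because anyone who knows a login name can then keep that account locked for repeated 300-second windows.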