Hello,
I keep seeing failed login attempts on my wp-admin page. Is there any way, we can limit the attempts via Apis CP, like it does with ftp/ssh etc login attempts?
Can the same be applied via Apis somehow?
I checked discord & the forums, could not find many relevant topics about this.
Would be glad if any kind of info on this can be obtained.
Bear in mind this only occurs when a POST request is made (not GET). Moreover 3 or more requests must occur in a 2 second interval. If a page load takes 750 ms to load, then 3 requests would complete in 2.25 seconds, more than the threshold.
Moreover, at a rate of 1 request per 750 ms then an attacker could attempt 115,200 combinations per day. At a rate of 115,200 requests per day to permute an entire space of 6 characters in a-zA-Z0-9, it would take 6^62/115200 1.5 x 10^43 days to attempt; in other words it may be additional noise in the log but not a reasonable threat.