How to catch bots and robots with a list of prohibited logins
Cerber uses the list of prohibited usernames to reinforce protection by catching bots and hackers
As you already know, there is small, but very useful feature that called a list of prohibited logins/usernames. It’s a comma-separated list of usernames you do not want to be used on your website in any circumstances. That’s it? No, there is no “just in case” feature in the WP Cerber plugin. But how does Cerber use logins from the list to reinforce protection? First of all, the Cerber plugin does the following.
- Login or registration with a prohibited username is impossible.
- Attempt to log in with prohibited username lead to locking out IP address.
Most importantly, combining the list of prohibited logins and the Custom login URL together you help your Cerber is being smart and to detect and catch bots/robots/hackers easily.
If your list is still empty, you definitely have to put on the list following (commonly used by bots and hackers) usernames: admin, administrator, manager, editor, user, demo, test.
Read more how to create another trap with the Custom login URL.
Last posts from WordPress security blog
- Brute-force, DoS, and DDoS attacks – what’s the difference? 04/10/2017
- WP Cerber 4.5 03/22/2017
- Instant mobile and browser notifications with Pushbullet 03/20/2017
- Best WordPress Plugins for Two-Factor Authentication 03/15/2017
- WordPress 4.7.3 – six security issues has been fixed 03/06/2017
Let's make things clear with these intruder activities that happens every day with any website. How are they dangerous? What tools or plugin can mitigate them? What are chances that we can do that successfully?
WP Cerber allows you to easily enable desktop and mobile notifications and get all those notifications from your WordPress instantly and for free. In a desktop browser, you will get popup messages even if you logged out of your WordPress. Last posts from WordPress security blog Brute-force, DoS, and DDoS attacks – [...]