A customer ticket came in recently where an EDD website was being brute forced using the checkout login form, causing high AJAX requests/resource usage on the server (which was flagged by Kinsta).
The login form in Restrict Content Pro already includes support for the "Limit Login Attempts" plugin to protect against these types of attacks; I believe EDD should also.
All forms, be it checkout or shortcode (login and registration), should have protection against this using the same method as RCP already has.
To prevent against brute force attacks at checkout.
This is a secondary issue, but it would definitely be nice to see Google reCaptcha support in the EDD forms, since the plugins that exist already no longer function properly with the plugin.
RCP is moving away from supporting specific plugins, and is moving to using the standard wp_signon() instead of calling various core methods separately. I think that's what we should do here. That will run the hooks that the security type plugins tie into, and won't require that we build support for specific plugins.
100% behind this @mindctrl.
Another request for recaptcha support: https://secure.helpscout.net/conversation/820962638/0/?folderId=1847242
For testing, I've used Limit Login Attempts Reloaded as a plugin to test that integration. Also, be sure to test with the EDD Auto Register extension to make sure auto registration still works.
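A sketch of the `wp_signon()` approach proposed in the thread above, added here as an illustration and not taken from EDD or RCP. Every `example_*` name, the 5-attempt threshold and the 15-minute window are assumptions; the two hooked closures stand in for what a lockout plugin does with the hooks that `wp_signon()` triggers.

```php
<?php
// Added illustration, not EDD or RCP code. Every example_* name is hypothetical.

// Form handler: a single wp_signon() call instead of separate core calls.
function example_handle_login_form() {
	if ( empty( $_POST['example_user_login'] ) || empty( $_POST['example_user_pass'] ) ) {
		return new WP_Error( 'example_missing', 'Username and password are required.' );
	}

	$credentials = array(
		'user_login'    => wp_unslash( $_POST['example_user_login'] ),
		// Passed as submitted, the way wp_signon() reads $_POST['pwd'] itself.
		'user_password' => $_POST['example_user_pass'],
		'remember'      => ! empty( $_POST['example_remember'] ),
	);

	// wp_signon() calls wp_authenticate(), which applies the 'authenticate'
	// filter and fires 'wp_login_failed' on failure. On success it sets the
	// auth cookie and fires 'wp_login'.
	return wp_signon( $credentials, is_ssl() ); // WP_User or WP_Error
}

// Stand-in for a lockout plugin: it only needs the core hooks, so it covers
// any form that logs users in through wp_signon().
function example_attempt_key() {
	$ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
	return 'example_fails_' . md5( $ip );
}

// Count each failed attempt per client address (constructed 15-minute window).
add_action( 'wp_login_failed', function () {
	$fails = (int) get_transient( example_attempt_key() );
	set_transient( example_attempt_key(), $fails + 1, 15 * MINUTE_IN_SECONDS );
} );

// Priority 99 runs after core's username/password check at priority 20, so a
// locked-out client is refused even when the password is correct.
add_filter( 'authenticate', function ( $user ) {
	if ( (int) get_transient( example_attempt_key() ) >= 5 ) {
		return new WP_Error( 'example_locked', 'Too many failed attempts. Try again later.' );
	}
	return $user;
}, 99 );
```

A form handler that validates the password and sets the auth cookie itself never reaches `wp_authenticate()`, so neither hooked function above would run for it.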