FireDaemon

Starter
  • Content Count

    2
  • Joined

  • Last visited

Community Reputation

0 Neutral

About FireDaemon

  • Rank
    Newbie

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. FireDaemon

    Hey Dragan. I had missed reading the "Securing Your Admin" in the security section. Sorry for that. Otherwise - great and thanks for the links.
  2. Hi all, Apologies if this has been asked in the past. We have a test site setup and running on HTTPS with redirect from HTTP. The site is protected from DDoS and arbitrary malicious attack by CloudFlare. From what I can see the administrative login page is still vulnerable to dictionary attacks. Clearly disabling the admin account and the use of strong passwords are two methods to minimise the success of such attacks. Questions: 1. Is it possible to rename the /processwire URL? 2. Is there any two factor support out there? I've checked out Duo and Okta, however PW is not supported? 3. Is there anyway to add CAPTCHA or second factor security questions to the login process? 4. Is there any form of anti-hammer available? For example, repeated failed login attempts from the same source are blocked for a period of time after a finite number of failures? Any other suggestions gratefully appreciated.