Hi all,
Apologies if this has been asked in the past. We have a test site set up and running on HTTPS with a redirect from HTTP. The site is protected from DDoS and arbitrary malicious attack by CloudFlare. From what I can see, the administrative login page is still vulnerable to dictionary attacks. Clearly disabling the admin account and the use of strong passwords are two methods to minimise the success of such attacks. Questions:
1. Is it possible to rename the /processwire URL?
2. Is there any two-factor support out there? I've checked out Duo and Okta, however PW is not supported?
3. Is there any way to add CAPTCHA or second-factor security questions to the login process?
4. Is there any form of anti-hammer available? For example, repeated failed login attempts from the same source are blocked for a period of time after a finite number of failures?
Any other suggestions gratefully appreciated.