=== Plugin Name ===
Contributors: cheesefather
Donate link: http://cheesefather.com/2013/04/wordpress-distributed-botnet-attack-blocker/
Tags: admin, attack, blocker, botnet, brute-force, ddos, distributed, global, ip, lockout, login, plugin, security, wp-admin
Requires at least: 2.8.0
Tested up to: 3.5.1
Stable tag: 1.2
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html

This plugin blocks distributed botnet brute-force attacks on your Wordpress installation.

== Description ==

After the recent global distributed botnet attack on WordPress installations that took down servers and broke into admin accounts, I thought I'd write a plugin to prevent it happening again.

Distributed botnet attacks can come from multiple IP addresses and locations at the same time, so conventional IP-based lockouts are not effective (e.g. those found in Wordfence and other WordPress security plugins).

For example, if 1,000 different computers (with unique IP addresses) are trying to brute-force your admin password and you lock out each IP address after 5 incorrect attempts then you have still allowed 5,000 attempts. My plugin essentially ignores the different IP addresses and locks out all admin login attempts in a configurable way - so if you have it set to 5 failed attempts (default) then those 1,000 different computers will only have a total between them of 5 attempts.

You can select how many login failures causes the lockout, how much time to allow between failures, how long to block logins for and also you can input a whitelisted IP address (or multiple addresses separated with commas or spaces) which can bypass the lockdown and always log in - so you can still always get into your site even in the middle of an attack. Version 1.1 adds support for partial IP address matching for those with dynamic IP addresses.

* Any failed login is counted regardless of username or IP address (unless whitelisted)
* Once locked down, nobody can log in except from whitelisted IP addresses
* You can specify the number of login failures that triggers a lockdown
* You can specify the time between failed attempts that should be counted
* You can specify how long the lockdown should last
* You can add whitelisted IP addresses that bypass the lockdown
* Partial IP address matching for dynamically allocated IP addresses

== Installation ==

1. Upload `botnet-attack-blocker.php` to the `/wp-content/plugins/` directory
2. Activate the plugin through the 'Plugins' menu in WordPress
3. Navigate to Settings, Botnet Blocker to configure your settings

== Frequently Asked Questions ==

= How do I configure the plugin? =

Navigate to Settings and then Botnet Blocker, change the options and click Update.

= Can I whitelist multiple IP addresses? =

Yes, separate them by a space or comma.

= Can I whitelist partial IP addresses? =

Yes, just type in the IP part to match, e.g. 1.2 or 1.2.3 and leave out the part to ignore. This will allow dynamic IP allocated addresses in the whitelist.

== Screenshots ==

1. Simple admin screen to change plugin options.

== Changelog ==

= 1.2 =
* Added Italian translation thanks to Giacinto (www.iononmollo.it).

= 1.1 =
* Added translation support and partial IP whitelist matching (for dynamic IPs).

= 1.0 =
* First release.