This bundle doesn't take into consideration that different IP addresses might be used to brute force a specific username. However, blocking the account based on multiple attempts for a specific username, irrespective of the IP address, creates another problem i.e. user A can attempt to log in as user B, hence blocking access for user B. To overcome this, we need to make sure that access for user B is allowed from a pre-saved/whitelisted IP address.
Do you have any opinion/thoughts on the matter?
This bundle doesn't take into consideration that different IP addresses might be used to brute force a specific username. However, blocking the account based on multiple attempts for a specific username, irrespective of the IP address, creates another problem i.e. user A can attempt to log in as user B, hence blocking access for user B. To overcome this, we need to make sure that access for user B is allowed from a pre-saved/whitelisted IP address.
Do you have any opinion/thoughts on the matter?