The Offense Limit option lets you control how many times a visitor may trip one of the security plugin's defenses before being blocked by the plugin altogether.
Note: Setting this to 0 will effectively turn off the fully automatic black list system (engine).
Imagine a visitor tries to login with a wrong username and password combination. That's 1 Offense. Let's say they try and post a comment that triggers our SPAM module - that's 2 offenses. Then they try and access your WP Admin area URL and you've renamed your WP Login, that's 3 offenses.
If they keep doing various things, or the same thing repeatedly and build up a number of offenses and exceed your limit, they'll be blocked from accessing the site completely.
What are all the actions that count as offenses?
We only monitor actions taken that trigger the Shield plugin itself. The following actions will result in an increase in the offenses counter:
- Attempt to login with an invalid username/password combination
- Any attempt to login while the login cooldown system is in-effect
- Any login attempt that trips the Bot Login protection system
- Any login attempt with a username that doesn't exist
- Any attempt to access /wp-admin/, /login/, or wp-login.php while the Hide WP Login Page setting is active
- Any comment that gets labeled as SPAM by the plugin
- Failed attempt to authenticate with the plugin's Security Admin module
- Any trigger of a Firewall block rule
Offense Limit option settings
A black mark is set against an IP address each time a visitor trips the defenses of the Shield plugin. When the number of these offenses exceeds the specified limit, they are automatically blocked from accessing the site.
Set the offense limit by entering the number into the Offense Limit field:
If you want to turn off the fully Automatic IP Black List system (engine), set this to "0".
Note: Block Bad IPs/Visitors module also gives you the ability to manage blacklisted and whitelisted IP addresses. To find out how this IP Lists Manager works, read the article here.