[support] Understanding the 'user' node
Jamie Holly
hovercrafter at earthlink.net
Tue Jan 29 15:31:10 UTC 2013
It can be done using menu_alter, but I do agree it is on the paranoid
side and really won't provide extra security. Instead it's much better
to do something like add CAPTCHA on the login form. Even better:
https://drupal.org/project/flood_control
You can limit the number of failed logins per IP and and username.
Jamie Holly
http://www.intoxination.net
http://www.hollyit.net
On 1/29/2013 8:19 AM, Earnie Boyd wrote:
> On Mon, Jan 28, 2013 at 10:41 PM, Steve Wickham
> <steve at wickwoodonline.com> wrote:
> > >From what I understand, in the WordPress world it is a fairly common thing
> > to change the path of the user login page in order to harden the site
> > because this helps prevent bots from finding the login page in the first
> > place. The other thing that is commonly done is to change the preassigned
> > admin username to something else.
> >
> > I myself have wondered about how this might be done with Drupal, and have
> > never found an answer. Although to be honest, i never looked that hard. So
> > if you do find the answer, or if someone knows the answer to this, please
> > post it back here.
>
> It can be done but you have to study the hooks system of the API. But
> setting user registration to admin only and removing the login block
> should be sufficient. Changing /user is a bit on the paranoid side.
>
More information about the support
mailing list