i was wondering how is it possible not to have incorporated a captcha or an other mechanism for brute force attacks on login page.
it doesn’t look secure enough for a remote install on a hosting service other than our intranet, and maybe not even there…
I was comparing it to the overly popular wordpress installs that have numerous ways of blocking unwanted login attempts, banning mechanisms of IP addresses, captcha verifications, login timeouts and general timers to name a few. Does anybody share the same thoughts with me on this?
Has anyone made an effort of looking into this as an issue?