New Filters: Adjust Brute Force Thresholds

We’ve added two new filters to our login limiting functionality, which gives you the ability to tweak the thresholds for our application-level brute force protections. For example, you may want to lower them during situations with high security sensitivity.

• wpcom_vip_ip_username_login_threshold : how many failed attempts to allow for an IP address and username combination
• wpcom_vip_ip_login_threshold : how many failed attempts to allow for an IP address

For example, if you wanted to only allow one attempt for a group of usernames per IP:

add_filter( 'wpcom_vip_ip_username_login_threshold', function( $threshold, $ip, $username ) {
	if ( 'adminuser' === $username || 'otheradminuser' === $username ) {
		$threshold = 1;
	}

	return $threshold;
}, 10, 3 );

https://github.com/Automattic/vip-go-mu-plugins/pull/1782