Earlier I mentioned creating a custom workflow activity in Orchard CMS to help track failed logon attempts to monitor brute force attacks to the Orchard Admin Dashboard. In addition, one may want to add CAPTCHA to both the login and registration pages of Orchard to also help against brute force and dictionary attacks carried out by computer programs on the Internet.
Orchard CMS Anti-Spam reCAPTCHA Part
Orchard CMS comes with various anti-spam components. One of them is a reCAPTCHA Part that is very useful with custom forms and blog post comments. One of the more popular blogs posts I have written is How to Add reCaptcha to Custom Forms in Orchard CMS.
Unfortunately, the login and registration pages in Orchard CMS are not Content Types and therefore one cannot directly attach the reCAPTCHA Part. The fact that they are not Content Types also makes it difficult to extend them by adding additional fields, which I often have to accomplish, so hopefully the registration and login pages get some much needed love so that we can add these types of capabilities very easily in the future.
Orchard CMS Logon Page and reCAPTCHA
Nonetheless, it is possible to add reCAPTCHA to the Orchard Login Page to help improve the security in Orchard using ASP.NET MVC Action Filters, custom shapes, etc. It's not as ideal as simply attaching a reCAPTCHA part from the Anti-Spam Module to the logon page, but it accomplishes the same results until Orchard CMS provides a solution out-of-the-box or at least a better extensibility point in the future. Add the reCAPTCHA in combination with the Failed Logon Attempt Workflow Activity and one has an improved position on security with regards to Orchard Logons.
Ideally the various Registration, Logon, Reset Password, etc. security functions in Orchard CMS will be improved so that Orchard Developers can easily extend and hook into them just like we do with other Orchard functionality. Being able to track failed logon attempts and add reCAPTCHA to the Orchard Logon Page should be easier than I expected, but I always enjoy a challenge!
If you need assistance developing an Orchard Website, building a custom Orchard Module, upgrading an Orchard Website, or developing an Orchard Theme, please contact me.