I know all about how to set up the account sharing prevention and the pros and cons involved in what can be a double edged sword. However, I'm looking for any suggestions for settings for our particular situation: My client sells dvds that are immediately pirated and sold online. We're trying to stop some of that by offering them membership to our site that is now running amember. They have to prove purchase from us to gain access to certain things. We're afraid that these places that sell our pirated dvds will get a hold of a username(s)/password(s) for the membership site and start including that in their illegal product. We're having a hard time figuring out the right IP address / time limit combination that will help stop this but not hurt our paying members. If I set it to something like 3 IP's within 12 minutes, I still feel like there could be 10 logins in one day that just are not within that 12 minutes. If I set to something like 1 IP within 60 minutes, I think I will hurt users who IP's change dynamically. Should I set the time limit much higher like 120 minutes and the IP at 3? Does anyone have any suggestions for a situation like this?
Why not use the "One Time Download" plugin to limit the number of times they can download that particular DVD title. That way you wouldn't have to worry about how many times they login because you control the number of times the file can be downloaded.