The Joomla! Extensions Directory ™


Max Failed Login Attempts Plugin

Editor's Note
  • NOTICE: This extension is no longer supported.
Limit users to X number of login attempts in a certain timeframe. For example, 5 attempts in a 5 minute window will block the user account and optionally notify someone via email.

Parameters: How many failed attempts, Timeframe, Email user?, Optional BCC email notification.

This isn't true Brute Force Protection yet, but future versions will allow optional blacklisting of IP's for too many login failures.

NOTICE: THIS PLUGIN IS NO LONGER MAINTAINED OR UPDATED. I HAVE GIVEN PERMISSION FOR OTHERS TO UPDATE AND EXPAND UPON IT, YOU MAY WANT TO SEARCH FOR THEIR VERSIONS.

Report Extension

 

 

2013-08-11
Reviews: 3
After installing this plugin, I was locked out when I tested it.Suppose to lock me out for 10 minutes but since last week I can not log in again. The worst thing is that I sent an e-mail to the creator and never get a reply.I still can not log in.
Whatever saying the others, since I got this experience, I suggest DO NOT install this plugin.
Owner's reply

I am sorry, I did not see your inquiry until now when I searched my email for it (it landed in my spam mail). I will also reply to your email inquiry.

The time limit doesn't lock you out for "X" amount of time, tather it is: "How many failed attempts in X amount of minutes will block the account"

In your situation, you will need to use a different login to unblock the user, or if you don't have another login, you will need to change the value to 0 for the field "block" directly in the users table in your database.

Also, I have updated the description of this plugin, as it is NOT MAINTAINED and I will not be updating it.

2013-04-19
Reviews: 9
This plugin needs 2 options:

1) ability to limit the plugin to backend or front end and/or

2) limit the plugin to only certain usernames or groups (say if you only want to monitor people trying to login under "Admin" username or anyone in Super User group)

Otherwise it's a great start!
2013-01-12
Reviews: 3
Recently, i have been seeing more unknown IP trying to access my admin dashboard. This tool has helped to increased the security and ensure these unauthorized people are kept away.
2012-05-14
Reviews: 6
Very good, does what it says in the description and it's easy to set up and use.
I run community builder and it works with the login system just as with joomla core.
Also, messages are customizable which is great and users can be reactivated from the user manager panel.
2012-04-07
Reviews: 51
Excellent plugin, does exactly what I needed, there are of course room for improvement, so it will be interesting to see what the future brings.
2012-03-22
Reviews: 1
Does the job, could be polished somewhat.

It would be good to be able to customize the message when someone is blocked .. "Congratulations" doesn't really wash in a corporate environment, also customization would give the ability to provide contact details for the admin - or turn this message off completely. (A malicious person who realizes this block feature is installed could block all accounts of people in a forum they dont like, etc)

When logging in with a wrong password to a blocked account you get the following with or without the plugin enabled:

Username and password do not match or you do not have an account yet.

When the plugin is enabled you get the following two lines as well (3 total):

No user by that name, or your account is blocked.
Congratulations, you have just blocked your user account. Please contact the administrator.

It should be limited to just one extra line saying "This account has been blocked" (or as customized) and can be turned on or off.

I realise the text change be changed by hacking at code but including it as options in the interface makes it a lot more friendly!

Hope you find my review of use.
Owner's reply

Good feedback, thanks! I did make the messages semi-configurable using a language file so that you wouldn't ever have to touch the actual cod. I recognize modifying language files isn't as easy or intuitive, so I agree with you it should be configurable by the plugin. I will make this improvement.

You should be able to select "don't send an email" in the dropdown, and then use the BCC field to put any emails to notify whomever you would like to control who does and doesn't get notified.

I'll review the interface to make it more intuitive for the next version. This version was really just to get it out there since I couldn't find one. I hope to get a few fixes done this next week!

Thanks