- NOTICE: This extension is no longer supported.
Parameters: How many failed attempts, Timeframe, Email user?, Optional BCC email notification.
This isn't true Brute Force Protection yet, but future versions will allow optional blacklisting of IP's for too many login failures.
NOTICE: THIS PLUGIN IS NO LONGER MAINTAINED OR UPDATED. I HAVE GIVEN PERMISSION FOR OTHERS TO UPDATE AND EXPAND UPON IT, YOU MAY WANT TO SEARCH FOR THEIR VERSIONS.
Whatever saying the others, since I got this experience, I suggest DO NOT install this plugin.
I am sorry, I did not see your inquiry until now when I searched my email for it (it landed in my spam mail). I will also reply to your email inquiry.
The time limit doesn't lock you out for "X" amount of time, tather it is: "How many failed attempts in X amount of minutes will block the account"
In your situation, you will need to use a different login to unblock the user, or if you don't have another login, you will need to change the value to 0 for the field "block" directly in the users table in your database.
Also, I have updated the description of this plugin, as it is NOT MAINTAINED and I will not be updating it.
1) ability to limit the plugin to backend or front end and/or
2) limit the plugin to only certain usernames or groups (say if you only want to monitor people trying to login under "Admin" username or anyone in Super User group)
Otherwise it's a great start!
I run community builder and it works with the login system just as with joomla core.
Also, messages are customizable which is great and users can be reactivated from the user manager panel.
It would be good to be able to customize the message when someone is blocked .. "Congratulations" doesn't really wash in a corporate environment, also customization would give the ability to provide contact details for the admin - or turn this message off completely. (A malicious person who realizes this block feature is installed could block all accounts of people in a forum they dont like, etc)
When logging in with a wrong password to a blocked account you get the following with or without the plugin enabled:
Username and password do not match or you do not have an account yet.
When the plugin is enabled you get the following two lines as well (3 total):
No user by that name, or your account is blocked.
Congratulations, you have just blocked your user account. Please contact the administrator.
It should be limited to just one extra line saying "This account has been blocked" (or as customized) and can be turned on or off.
I realise the text change be changed by hacking at code but including it as options in the interface makes it a lot more friendly!
Hope you find my review of use.
Good feedback, thanks! I did make the messages semi-configurable using a language file so that you wouldn't ever have to touch the actual cod. I recognize modifying language files isn't as easy or intuitive, so I agree with you it should be configurable by the plugin. I will make this improvement.
You should be able to select "don't send an email" in the dropdown, and then use the BCC field to put any emails to notify whomever you would like to control who does and doesn't get notified.
I'll review the interface to make it more intuitive for the next version. This version was really just to get it out there since I couldn't find one. I hope to get a few fixes done this next week!