Joomla! Extensions Directory


Site Security

This plugin provides means to avert Brute-Force-Attacks on your Joomla-Installation. For this purpose, the plugin stores information on failed login attempts, so that when reaching a configurable number of such failed login attempts the attacker's IP address can be blocked. Furthermore, you can configure notifications about failed logins and blocked IP addresses, as well as a configurable (optionally even adaptive) delay for a failed login attempt.

  • Get this

The component included in the package will allow you to view the blocked IP addresses and manage them, manage whitelists of IP addresses which will never be blocked, viewing failed log attempts and testing the notification.

New in Version 1.3.0:
- Allow showing IP address in blocked message
- Show hint to use reset password functionality
- small fixes

For a full list of changes in each version see the Changelog at

- pt-PT/pt-BR translations and various fixes by solrac (comproperty247(at)
- ca-ES translations by nouespai
- fr-FR translations by Flying_Lolo
- nl-NL translations and various fixes by Rob van Baal (info(at)
- es-ES translations by Aimagen (info(at)
- ru-RU translations by Raven (ravencrow(at)
- it-IT translations and various fixes by Stefano Buscaglia (info(at)
- old nl-NL translations by Agrusoft

Ease of use

Setting are slightly ambiguous.

I used this to: All joomla websites published.

Should be Joomla core

Posted on 14 October 2014

I'm not sure what the likelihood is of someone actually succeeding in logging in to a site, but the idea scared me when I saw the number of attempts to access my site's Apache server. After The first day after installing BFStop, I got so many notices of failed attempts that I set it to send me only 1 message a day and to block the IP permanently after 5 failed attempts. Pretty much all attempts are to the usernames 'admin', 'administrator', or a variation of the url, so I suggest eliminating those even if you don't install BFStop. This extension is easy to understand and implement, and worked without a glitch for me.

This should be Core!

Posted on 30 September 2014

I was unaware that these attacks were happening. When I checked my daughter's site, she had admin accounts that no one could explain. After installing Brute Force Stop, I have seen and blocked 4 attacks in about 2 weeks. The IP is blacklisted now automatically and I suspect the problem is solved. Of course a tight user name and password help tremendously, but Brute force stop bats clean-up. Great Job. This extension should be in the Joomla Core.

Good extension

Posted on 07 June 2014

I have used this extension for a while. It is great one, work as expected. It is also easy to set up. Now I used it on all of my sites. Thanks developer for your effort.

Brute Force Stop

Posted on 02 June 2014

All I can say is that this program works great. Has stopped many login attempts from the back end which were clearly attempted attacks. I can then block IP address's permanently so I don't have to worry about repeated attempts. Had a question for developer and got an instant response. Thanks for a great extension.

This is a great component addition to Joomla. There are others that I have reviewed but this is my favorite and I install it on all Joomla sites I create. The support is also "second to none". Bernard goes way out of the way to support this. To have the level of support he provides for a free product is just amazing. I am trying to find out how to make a donation today.

Thank you Bernard!


This extension is now part of my standard installations. Simple to use, simple to install. All good!

Very appreciative of this developer's work, creating a critically important element to safeguard sites built using Joomla CMS. Easy install, and does what it says it will do. I would suggest some slight modifications to the language, to make it easier for sitebuilders and marketers to understand how to use it (as opposed to developers, who appreciate the challenge of figuring out what all the toggles do). Great job, now on my list of "must-have" extensions.

Owner's reply: Thank you very much for your feedback! Suggestions for language changes are always welcome. Being a developer, it is hard for me to think as a sitebuilder and/or marketer. I would therefore be very glad to hear more about your suggestions! Please contact me via mail ( or report an issue ( if you're interested in contributing!

Stops attempts cold

Posted on 02 December 2013

Simple and easy install. Had problems with constant attempts at back-end. Before was using .htaccess and manually adding. This is just what I need. One feature I think would be helpful would be a way to whitelist IPs.

Thanks again!

Owner's reply: Thanks for your favourable review! A whitelist (for single IP addresses) is now available with version 1.1.0!

Great Plugin

Posted on 07 November 2013

I have to say that I've tried other plugins and this is one of the best I've had. Great work doing this. The first day I got 20 people trying to log in...and what's great about this program it tells us who their trying to log in as. I would recommend this plugin to everyone. I've had no problems.

Thanks for this great plugin.

Brute Force Stop

Bernhard Froehler
Date added:
Nov 19 2014
GPLv2 or later
Free download
Uses updater:
Download DemoNot available Support Documentation
  • Overall
  • Functionality

  • Ease of use

  • Documentation

  • Support