Introduction

Site Security

This plugin provides means to avert Brute-Force-Attacks on your Joomla-Installation. For this purpose, the plugin stores information on failed login attempts, so that when reaching a configurable number of such failed login attempts the attacker's IP address can be blocked. Furthermore, you can configure notifications about failed logins and blocked IP addresses, as well as a configurable (optionally even adaptive) delay for a failed login attempt.

  • Favourite
  • Report

The component included in the package will allow you to view the blocked IP addresses and manage them, manage whitelists of IP addresses which will never be blocked, viewing failed log attempts and testing the notification.

New in version 1.4.1:
- minor release fixing JED checker errors
New in version 1.4.0:
- Blocking via .htaccess
- New method for determining client IP to support load balancers / proxies
- IPv6 fixes (IPv6 subnet masks not yet supported)
- mysql compatibility
- php 7 compatibility
For a detailed list of changes in each version see the commit history at https://github.com/codeling/bfstop/commits/master.

Contributors:
- pt-PT/pt-BR translations and various fixes by solrac (comproperty247(at)gmail.com)
- ca-ES translations by nouespai
- fr-FR translations by Flying_Lolo
- nl-NL translations and various fixes by Rob van Baal (info(at)fischertechnikclub.nl/http://www.fischertechnikclub.nl)
- es-ES translations by Aimagen (info(at)aimagen.com)
- ru-RU translations by Raven (ravencrow(at)mail.ru)
- it-IT translations and various fixes by Stefano Buscaglia (info(at)binarioetico.org/http://www.binarioetico.org)
- old nl-NL translations by Agrusoft

80

Nice plugin


Posted on 27 June 2015
80
Functionality

Practical, everyone should use, BUT I would also like to see the password the user tried to use to login.

80
Ease of use

Weird the settings tab tests emails, weird the settings tab tests emails. If there are no settings it shouldn't have a title of settings

Owner's reply: Thanks for your review, and sorry for taking such a long time to get back to you on the points you mention.
As for seeing the password of the attempt, since I've also been asked this per mail already, I've asked an FAQ entry about it, see https://github.com/codeling/bfstop/wiki/FAQ#why-dont-i-see-the-password-from-the-attempted-login

Regarding the settings tab: The plan is to move all the settings there, see https://github.com/codeling/bfstop/issues/88 . Will be included in one of the next bfstop versions, probably 1.4!
100
Functionality

Great!!

100
Ease of use

As easy as counting 1-2-3..

I used this to: I use this for all my sites...
Owner's reply: Thanks very much for taking the time to write a review!
One quick question regarding your support rating - did you have any problems that weren't solved? In case of bugs or questions please open an issue at https://github.com/codeling/bfstop/issues and I'll try my best to help!
100
Functionality

Works perfectly

100
Ease of use

Very easy to use.

100
Documentation

Self explainig

I used this to: Protect my site because i found many login tries in my logs.
100

A must have!


Posted on 28 March 2015
100
Functionality

A must have for all Joomla sites!

100
Ease of use

Ease of Use

100
Support
100
Documentation
I used this to: I use this for all my sites.

Thanks a lot!
100

Should be a core feature


Posted on 11 March 2015
100
Functionality
100
Ease of use
I used this to: This should be a core feature. After seeing how many failed login attempts were in my apache error logs, I installed this plugin and am shocked at how many failed logins it's caught in just the past half hour.
75

problems with 1.3


Posted on 07 March 2015
57
Ease of use
68
Support
100
Documentation
I used this to: I really liked this in joomla 2.5, but when I updated to Joomla 3.3, I installed the new version.Even after manually deleting all files and database tables there was an error on attempting to send an email notification 'class xxx not found in administrator/..../settings.php.
Owner's reply: Thanks for your review!
Regarding ease of use, any specific problems you had setting it up? If you have any suggestion regarding improving the usability, I'd be very glad to hear it (ideally you would report an issue on https://github.com/codeling/bfstop/issues)! Regarding support, I would also love to hear your suggestions on what I could improve - but please also consider that I'm writing (as well as giving support for) this plugin in my free time.
100
Functionality
86
Ease of use

Setting are slightly ambiguous.

100
Support
I used this to: All joomla websites published.
100

Should be Joomla core


Posted on 14 October 2014

I'm not sure what the likelihood is of someone actually succeeding in logging in to a site, but the idea scared me when I saw the number of attempts to access my site's Apache server. After The first day after installing BFStop, I got so many notices of failed attempts that I set it to send me only 1 message a day and to block the IP permanently after 5 failed attempts. Pretty much all attempts are to the usernames 'admin', 'administrator', or a variation of the url, so I suggest eliminating those even if you don't install BFStop. This extension is easy to understand and implement, and worked without a glitch for me.

100

This should be Core!


Posted on 30 September 2014

I was unaware that these attacks were happening. When I checked my daughter's site, she had admin accounts that no one could explain. After installing Brute Force Stop, I have seen and blocked 4 attacks in about 2 weeks. The IP is blacklisted now automatically and I suspect the problem is solved. Of course a tight user name and password help tremendously, but Brute force stop bats clean-up. Great Job. This extension should be in the Joomla Core.

100

Good extension


Posted on 07 June 2014

I have used this extension for a while. It is great one, work as expected. It is also easy to set up. Now I used it on all of my sites. Thanks developer for your effort.

Brute Force Stop

Version:
1.4.1
Developer:
Bernhard Froehler
Last updated:
Feb 01 2017
Date added:
Nov 19 2014
License:
GPLv2 or later
Type:
Free download
Includes:
c p
Compatibility:
3
Download

Uses Joomla! Update System

Score:


Write a review