Site Security

This plugin provides means to avert Brute-Force-Attacks on your Joomla-Installation. For this purpose, the plugin stores information on failed login attempts, so that when reaching a configurable number of such failed login attempts the attacker's IP address can be blocked. Furthermore, you can configure notifications about failed logins and blocked IP addresses, as well as a configurable (optionally even adaptive) delay for a failed login attempt.

  • Favourite
  • Report

The component included in the package will allow you to view the blocked IP addresses and manage them, manage whitelists of IP addresses which will never be blocked, viewing failed log attempts and testing the notification.

New in version 1.4.1:
- minor release fixing JED checker errors
New in version 1.4.0:
- Blocking via .htaccess
- New method for determining client IP to support load balancers / proxies
- IPv6 fixes (IPv6 subnet masks not yet supported)
- mysql compatibility
- php 7 compatibility
For a detailed list of changes in each version see the commit history at

- pt-PT/pt-BR translations and various fixes by solrac (comproperty247(at)
- ca-ES translations by nouespai
- fr-FR translations by Flying_Lolo
- nl-NL translations and various fixes by Rob van Baal (info(at)
- es-ES translations by Aimagen (info(at)
- ru-RU translations by Raven (ravencrow(at)
- it-IT translations and various fixes by Stefano Buscaglia (info(at)
- old nl-NL translations by Agrusoft


Just what i need!

Posted on 13 May 2013

Great extension! It is easy to install an easy to use. With auto IP block i do not need to add custom htaccess lines anymore. Personal thanks to developers!



Posted on 16 April 2013

It is the best plugin. Fast, easy and secure ... congratulations!.

I sought this out because I run a server that hosts a couple hundred websites with Joomla in place. After analyzing my apache logs I noticed that brute force attempts were very common.

While my company sticks to pretty strong security policies such as never having an "admin" account and a daily password change ( yes, daily.. automated password changes ) .. I still don't like the idea of someone sending hundreds of POST requests per hour trying to break into one of our sites.

I had written a script to analyze the apache logs for x number of POST requests in an hour to ban them from the server ENTIRELY but while that's been successful.. it's had one or two false positives and it still doesn't prevent someone from getting in a hundred or so tries before the script catches them.

In comes this plugin! I love it because it's more specific, it doesn't just count POSTs per hour it counts failed login attempts in a row and allows you to temp ban them as well as get notified.. I have it set up to ban after only 4 attempts for a period of an hour which I think is fair.. I get notified so if I see abuse I can permanently ban them myself.

Great job! I'm glad I found it so I didn't have to write it myself =)


Thank You for this plugin! IT is awsome and works! Great!

God bless You!

Owner's reply: Thank you for taking the time to write a review!
If you should have any questions, problems or enhancement requests, just go over to!

Brute Force Stop

Bernhard Froehler
Last updated:
Feb 01 2017
Date added:
Nov 19 2014
GPLv2 or later
Free download
c p

Uses Joomla! Update System


Write a review