Simple brute-force prevention (account locking) for Flow

Installs: 218

Dependents: 0

Suggesters: 0

Security: 0

Stars: 2

Watchers: 2

Forks: 0

Open Issues: 0


2.0.0 2018-08-22 18:50 UTC

This package is auto-updated.

Last update: 2020-03-06 14:45:13 UTC


Scrutinizer Code Quality Latest Stable Version Total Downloads License


This package provides simple brute-force prevention (account locking) for Neos/Flow.

A notification email can be send to an administrator when an account has been locked.

Compatible with Neos 3.x + 4.x / Flow 4.x + 5.x

Be aware that there are ways to circumvent this protection and it can be misused, see Blocking Brute Force Attacks for more information.

Note that the threshold is disabled in development context by default. To override it, create a Settings.yaml configuration file inside a Development folder inside a Configuration folder.


composer require "aertmann/brute-force:~2.0"


Failed attempts threshold and notification mail can be configured in Settings.yaml.