This package is not installable via Composer 1.x, please make sure you upgrade to Composer 2+. Read more about our Composer 1.x deprecation policy.

Security Bundle for FOSUserBundle, SonataUserBundle and BrueryUserBundle

2.0.x-dev 2017-10-27 01:35 UTC

This package is not auto-updated.

Last update: 2021-12-05 21:45:27 UTC



Use this bundle to mitigate brute force dictionary attacks on your sites. Excessive failed logins will force users to recover their account, additional attempts to circumvent that will block the user from specified webpages by returning an HTTP 500 response on all specified routes.


SecurityBundle Provides the following features:

  1. Prevent brute force attacks being carried out by limiting number of login attempts:
    1. When first limit is reached, redirect to an account recovery page.
    2. When secondary limit is reached, return an HTTP 500 status to block login pages etc.
  2. All limits are configurable.
  3. Routes to block are configurable.
  4. Route for account recovery page is configurable.
  5. Decoupled from UserBundle specifics. You can use this with any user bundle you like.
  6. Redirect user to last page they were on upon successful login.
  7. Redirect user to last page they were on upon successful logout.


Check out the documentation on the bundles wiki page.


For general support and questions, please use Disqus.

If you think you find a bug or you have a feature idea to propose, feel free to open a issue after looking at the contributing guide.


This package is available under the MIT license.