msp/userlockout

Brute force prevention system for Magento2 - Member of MageSpecialist SecuritySuite

Maintainers

Details

github.com/magespecialist/m2-MSP_UserLockout

Source

Issues

Installs: 1 845

Dependents: 1

Suggesters: 0

Security: 0

Stars: 3

Watchers: 5

Forks: 0

Open Issues: 0

Type:magento2-module

1.1.1 2017-09-07 16:09 UTC

Requires

Suggests

OSL 3.0 cf7ddac91a6260104555618623f8479f71ad4efa

  • Riccardo Tempesta <riccardo.tempesta.woop@magespecialist.it>

This package is auto-updated.

Last update: 2024-03-28 22:24:19 UTC

README

Customer login brute force protection module.

This module can temporary lock a customer account when too many login password attempts fail are detected.

Member of MSP Security Suite

See: https://github.com/magespecialist/m2-MSP_Security_Suite

Installing on Magento2:

1. Install using composer

From command line:

composer require msp/userlockout
php bin/magento setup:upgrade

2. Enable and configure from your Magento backend config

config.png

Frontend screenshot

When the amount of failed attempts is reached, this module prevents further attemps for a defined amount of seconds.

This is one of the most effective countermeasures for brute force.

too_many_failures.png

Backend manual unlock

You can monitor and manually unlock users from your Magento backend under Customers > Locked Users:

lockout_list.png

Command-line unlock

You can manually unlock one user from command-line if necessary:

php bin/magento msp:security:lockout:unlock <IP> <username>

Example:

php bin/magento msp:security:lockout:unlock 127.0.0.1 user@example.com