msp / userlockout
Brute force prevention system for Magento2 - Member of MageSpecialist SecuritySuite
Installs: 1 848
Dependents: 1
Suggesters: 0
Security: 0
Stars: 3
Watchers: 4
Forks: 0
Open Issues: 0
Type:magento2-module
Requires
- php: ^7.0|^7.1
- magento/magento-composer-installer: *
- msp/security-suite-common: >=1.3
Suggests
- msp/security-suite: Full MageSpecialist Security Suite
README
Customer login brute force protection module.
This module can temporary lock a customer account when too many login password attempts fail are detected.
Member of MSP Security Suite
See: https://github.com/magespecialist/m2-MSP_Security_Suite
Installing on Magento2:
1. Install using composer
From command line:
composer require msp/userlockout
php bin/magento setup:upgrade
2. Enable and configure from your Magento backend config
Frontend screenshot
When the amount of failed attempts is reached, this module prevents further attemps for a defined amount of seconds.
This is one of the most effective countermeasures for brute force.
Backend manual unlock
You can monitor and manually unlock users from your Magento backend under Customers > Locked Users:
Command-line unlock
You can manually unlock one user from command-line if necessary:
php bin/magento msp:security:lockout:unlock <IP> <username>
Example:
php bin/magento msp:security:lockout:unlock 127.0.0.1 user@example.com