ralkage / flarum-ext-account-lockout
Lock user accounts after too many failed login attempts.
Package info
github.com/Ralkage/flarum-ext-account-lockout
Type: flarum-extension
pkg:composer/ralkage/flarum-ext-account-lockout
v2.0.0-beta.8
2026-03-28 20:05 UTC
Requires
- php: ^8.1
- flarum/core: ^2.0
This package is auto-updated.
Last update: 2026-03-28 20:15:24 UTC
README
Protect your Flarum forum against brute-force login attacks by automatically locking accounts after too many failed login attempts.
Features
- Configurable Attempt Threshold — Set the maximum number of failed login attempts before an account is locked (default: 5)
- Timed Lockout — Accounts auto-unlock after a configurable duration (5, 10, 15, 30, or 60 minutes)
- Manual Lockout — Require an admin or moderator to manually unlock accounts
- Password Reset Unlock — Timed lockouts are automatically cleared when a user resets their password
- Admin Bypass — Admin accounts are never locked out
- Unlock Controls — Moderators and admins can unlock accounts from user profiles and the admin users page
- Locked Badge — Locked users display a badge visible to moderators and admins
- Login Error Messages — Custom error messages inform users when their account is locked and when they can try again
Requirements
- Flarum ^1.8
- PHP ^8.0
Installation
composer require ralkage/flarum-ext-account-lockout
Then enable it in your Flarum admin panel under Extensions.
Configuration
- Go to Admin → Account Lockout.
- Set the Maximum Failed Login Attempts (default: 5).
- Choose a Lockout Mode:
  - Timed — Accounts auto-unlock after the configured duration.
  - Manual — Accounts stay locked until an admin or moderator unlocks them.
- Set the Lockout Duration (only applies in timed mode).
- Assign the Unlock locked accounts permission to the appropriate groups.
License
MIT — see LICENSE.