Use this module to protect your site from brute force attacks. This module limits the number of login attempts and blocks the IP address with multiple failed login attempts.
Activate the Block Failed Login Module
In the Admin Optimizer page, click to enable the Block Failed Login module. Press Save Changes to save the changes.
Configure the Block Failed Login Module
- Navigate to Admin Menu → Admin Optimizer → Block Failed Login
- Set the number of failed login attempt to trigger a lockout. The default is 3.
- If you are using Admin Optimizer Pro, there are additional configuration options:
- Lockout Time: The default is 15 minutes. You can change to a longer/shorter time.
- Total Lockout: When a number of lockouts was triggered, the module will activate a total lockout for 24 hours. Set the number of lockouts before activating a full login block.
- Hide Login Form on lockout: When an IP address is being lockout, the module will hide the login form too to prevent further login attempt.
Release Lock in Block Failed Login Module
When a user is accidentally locked out, the administrator can release the lock for the user.
- Navigate to Admin Menu → Admin Optimizer → Block Failed Login
- In the IP Address Lockout Log table, find the entry that corresponds to the lockout user.
- Click Release lock to release the lockout for the user.
- For Admin Optimizer Pro, you have additional options to Lock for 24 hours and Delete the entry.
