Brute force prevention system for Magento2 - Member of MageSpecialist SecuritySuite
Customer login brute force protection module.
This module can temporary lock a customer account when too many login password attempts fail are detected.
Member of MSP Security Suite
1. Install using composer
From command line:
composer require msp/userlockout
php bin/magento setup:upgrade
2. Enable and configure from your Magento backend config
When the amount of failed attempts is reached, this module prevents further attemps for a defined amount of seconds.
This is one of the most effective countermeasures for brute force.
You can monitor and manually unlock users from your Magento backend under Customers > Locked Users:
You can manually unlock one user from command-line if necessary:
php bin/magento msp:security:lockout:unlock <IP> <username>
php bin/magento msp:security:lockout:unlock 127.0.0.1 [email protected]