msp/userlockout 1.1.1

Brute force prevention system for Magento2 - Member of MageSpecialist SecuritySuite

Type

magento2-module

License

OSL 3.0

Requires
Requires (dev)

None

Suggests
Provides

None

Conflicts

None

Replaces

None

MSP UserLockout

Customer login brute force protection module.

This module can temporary lock a customer account when too many login password attempts fail are detected.

Member of MSP Security Suite

See: https://github.com/magespecialist/m2-MSP_Security_Suite

Installing on Magento2:

1. Install using composer

From command line:

composer require msp/userlockout
php bin/magento setup:upgrade

2. Enable and configure from your Magento backend config

Frontend screenshot

When the amount of failed attempts is reached, this module prevents further attemps for a defined amount of seconds.

This is one of the most effective countermeasures for brute force.

Backend manual unlock

You can monitor and manually unlock users from your Magento backend under Customers > Locked Users:

Command-line unlock

You can manually unlock one user from command-line if necessary:

php bin/magento msp:security:lockout:unlock <IP> <username>

Example:

php bin/magento msp:security:lockout:unlock 127.0.0.1 [email protected]