Hello, is there any way I can add an extra layer of security for the admin login page in such a way that the admin login is locked after a set number of tries?
Thank you very much! peace.
Hello, is there any way I can add an extra layer of security for the admin login page in such a way that the admin login is locked after a set number of tries?
Thank you very much! peace.
The Login plugin provides flood protection (https://github.com/getgrav/grav-plugin-login/commit/590f188189c8453afb5992e7ec385795336ee711), but only for the frontend, Admin does not yet have such checks.
You can (and should) limit access to Admin using HTTP authentication, or IP range limit, with webserver-specific ways (.htaccess / .htpasswd for Apache).
You can even keep Admin in the local / staging site only, that's one of my favorites. I put it in my .gitignore, and only sync the pages and configuration to the live site.
And, you should also change the default /admin route to something unique, via the Admin plugin settings.
Log in to reply.
| Topic | Participants | Replies | Views | Activity |
|---|---|---|---|---|
| 1 | 266 | 3 weeks ago | ||
| 0 | 194 | 3 weeks ago | ||
| 2 | 330 | 3 weeks ago | ||
| 1 | 253 | 3 weeks ago | ||
| 0 | 220 | 3 weeks ago |