Skip to content
Grav 2.0 is officially stable. Read the announcement →
General

Security for Admin login? Lock after set number of tries

admin

Started by David 9 years ago · 1 replies · 979 views
9 years ago

Hello, is there any way I can add an extra layer of security for the admin login page in such a way that the admin login is locked after a set number of tries?

Thank you very much! peace.

9 years ago

The Login plugin provides flood protection (https://github.com/getgrav/grav-plugin-login/commit/590f188189c8453afb5992e7ec385795336ee711), but only for the frontend, Admin does not yet have such checks.

You can (and should) limit access to Admin using HTTP authentication, or IP range limit, with webserver-specific ways (.htaccess / .htpasswd for Apache).

You can even keep Admin in the local / staging site only, that's one of my favorites. I put it in my .gitignore, and only sync the pages and configuration to the live site.

And, you should also change the default /admin route to something unique, via the Admin plugin settings.

👍 2

Suggested topics

Topic Participants Replies Views Activity
General · by Hanns Mattes, 3 weeks ago
1 266 3 weeks ago
General · by Andy Miller, 3 weeks ago
0 194 3 weeks ago
General · by Jerry Hunt, 3 weeks ago
2 330 3 weeks ago
General · by pamtbaau, 3 weeks ago
1 253 3 weeks ago
General · by Andy Miller, 3 weeks ago
0 220 3 weeks ago