Hello, is there any way I can add an extra layer of security for the admin login page in such a way that the admin login is locked after a set number of tries?
Thank you very much! peace.
Community guidelines
Please keep discussions civil and on-topic. Repeated violations may lead to a temporary ban.
General
The Login plugin provides flood protection (https://github.com/getgrav/grav-plugin-login/commit/590f188189c8453afb5992e7ec385795336ee711), but only for the frontend, Admin does not yet have such checks.
You can (and should) limit access to Admin using HTTP authentication, or IP range limit, with webserver-specific ways (.htaccess / .htpasswd for Apache).
You can even keep Admin in the local / staging site only, that's one of my favorites. I put it in my .gitignore, and only sync the pages and configuration to the live site.
And, you should also change the default /admin route to something unique, via the Admin plugin settings.
Log in to reply.
Suggested topics
| Topic | Participants | Replies | Views | Activity |
|---|---|---|---|---|
| 2 | 70 | 5 hours ago | ||
| 1 | 45 | 10 hours ago | ||
| 0 | 43 | 22 hours ago | ||
| 6 | 341 | 4 days ago | ||
| 3 | 35 | 5 days ago |