aertmann/brute-force

Simple brute-force prevention (account locking) for Flow

Maintainers

👁 aertmann

Package info

github.com/aertmann/brute-force

Type:neos-package

pkg:composer/aertmann/brute-force

Statistics

Installs: 1 550

Dependents: 0

Suggesters: 0

Stars: 5

Open Issues: 0

3.0.0 2023-04-26 15:26 UTC

Requires

Requires (Dev)

None

Suggests

None

Provides

None

Conflicts

None

Replaces

None

MIT 743ff772df705ddeb316c13ca678077e6a554681

  • Aske Ertmann <aske.woop@ertmann.co>

flowsecurityNeosbrute-force

This package is auto-updated.

Last update: 2026-06-26 22:20:03 UTC


README

👁 Scrutinizer Code Quality
👁 Latest Stable Version
👁 Total Downloads
👁 License

Introduction

This package provides simple brute-force prevention (account locking) for Neos/Flow.

A notification email can be send to an administrator when an account has been locked.

Compatible with Neos 3.x or later / Flow 4.x or later (tested until 7.3)

Be aware that there are ways to circumvent this protection and it can be misused, see Blocking Brute Force Attacks for more information.

Note that the threshold is disabled in development context by default. To override it, create a Settings.yaml configuration file inside a Development folder inside a Configuration folder.

Installation

composer require "aertmann/brute-force:~2.0"

Configuration

Failed attempts threshold and notification mail can be configured in Settings.yaml.