SecuritySmash Security: Login Protection & Rate Limiting

Protect Your Admin from Brute Force Attacks

The login protection features help prevent unauthorized access by monitoring login attempts and automatically blocking suspicious activity.

Enabling Login Protection

1. Go to Extensions > Extensions > Modules
2. Find "Smash Security + Admin Protection" and click Edit
3. Enable the module in the General tab
4. Navigate to the Login Protection tab

Login Attempt Logging

When enabled, every admin login attempt is recorded with:

• Username: The username attempted
• IP Address: Where the attempt came from
• User Agent: Browser/device information
• Status: Success or failure
• Timestamp: When it occurred

Why This Matters:

• Identify unauthorized access attempts
• Track admin user activity for audit purposes
• Detect patterns that indicate attacks

Rate Limiting Configuration

Rate limiting automatically blocks IPs after too many failed login attempts.

Max Failed Attempts

How many failed logins before blocking the IP.

• Recommended: 5 attempts
• Lower (3) = More secure but may lock out legitimate users who forget passwords
• Higher (10) = More lenient but gives attackers more tries

Lockout Time (Minutes)

How long to block the IP after exceeding max attempts.

• Recommended: 30 minutes
• Shorter (15) = Less disruption but attackers can retry sooner
• Longer (60+) = More secure but may inconvenience legitimate users

Managing Blocked IPs

The "Currently Blocked IPs" section shows all IPs currently locked out.

• View when the block expires
• Manually unblock IPs if needed (e.g., if an employee gets locked out)

Best Practices

• Review login logs weekly for suspicious activity
• Look for patterns: multiple usernames from same IP, unusual hours, foreign IPs
• Combine with IP whitelisting (Pro) for maximum security
• Use strong, unique passwords for all admin accounts