You can configure the login security for your Developer Portal at an IP and user level. You can also configure login security for Developer Portal contact forms.
Before you begin
Important: The Login Security module is being removed from future releases. It has been replaced by Flood Control. Existing users of the Login security module should configure Flood Control with the same limits and time windows as specified here. For more information, see Using flood control for login security.
You must have administrator access to complete this task.
- If the administrator dashboard is not displayed, click Manage to display it.
- Click Configuration in the administrator dashboard.
- In the PEOPLE section, click Login Security.
Enter values in the following fields in the GENERAL SETTINGS section
according to your requirements:
- Track time - the time window to check for security violations.
- User - the number of login failures before blocking a user.
- Soft host - the number of login failures before soft blocking a host. The host can still browse the site as an anonymous user.
- Host - the number of login failures before hard blocking a host. The host cannot access the site at all.
- Attack detection - the number of login failures before warning about an ongoing attack.
Select the check boxes that satisfy your notification requirements in the
- Disable login failure error message
- Notify the user about the number of remaining login attempts
- Display last login timestamp
- Display last access timestamp
- Optional: Edit the EMAIL FOR ONGOING ATTACK DETECTION section.
- Optional: Edit the EMAIL FOR BLOCKED ACCOUNT section.
You can edit the notification texts that are displayed by configuring the following
- Failed login attempt
- Banned host (soft IP ban)
- Banned host (hard IP ban)
- Blocked user by uid
- After you have configured your login security options, click Save configuration.
To unblock a user, see Blocking and unblocking specific users. To unblock an IP address, see Managing banned IP addresses.