You can configure the login security for your Developer Portal at
an IP and user level. You can also configure login security for Developer Portal
contact forms.
Before you begin
Important: The Login Security module is being
removed from future releases. It has been replaced by Flood Control. Existing users of the Login
security module should configure Flood Control with the same limits and time windows as specified
here. For more information, see
Using flood control for login security.
You must have administrator access to the Developer Portal to
complete this task.
Procedure
-
If the administrator dashboard is not displayed, click Manage to display it.
-
Click Configuration in the administrator dashboard.
-
In the PEOPLE section, click Login Security.
-
Enter values in the following fields in the GENERAL SETTINGS section
according to your requirements:
- Track time - the time window to check for security violations.
- User - the number of login failures before blocking a user.
- Soft host - the number of login failures before soft blocking a host. The
host can still browse the site as an anonymous user.
- Host - the number of login failures before hard blocking a host. The host
cannot access the site at all.
- Attack detection - the number of login failures before warning about an
ongoing attack.
-
Select the check boxes that satisfy your notification requirements in the
NOTIFICATION section:
- Disable login failure error message
- Notify the user about the number of remaining login attempts
- Display last login timestamp
- Display last access timestamp
- Optional:
Edit the EMAIL FOR ONGOING ATTACK DETECTION section.
- Optional:
Edit the EMAIL FOR BLOCKED ACCOUNT section.
- Optional:
You can edit the notification texts that are displayed by configuring the following
options:
- Failed login attempt
- Banned host (soft IP ban)
- Banned host (hard IP ban)
- Blocked user by uid
-
After you have configured your login security options, click Save configuration.
What to do next
To unblock a user, see Blocking and unblocking specific users.
To unblock an IP address, see Managing banned IP addresses.