Admin level banning for failed login attempts - rather than full IP ban

Todd Brotzman shared this idea 1 year ago
Under Consideration

Add configuration item to enable Admin/IP banning for a certain IP, which is essentially similar to IP banning, but only banning for the Admin user who failed the sign-in for a prescribed IP.

So, rather than a whole office being locked out, only the one Admin user is locked out. This is not the same thing as white-listing the IP. We want the banning to occur, but only for the credentials that failed, not the complete IP.

If perchance other failed login attempts are captured for other usernames on the same IP (... or not, but the same WHMCS org), then possibly revert to a hard IP ban for all, because there is more likelihood that hackers are attempting with multiple admin users.

The idea is to keep some level of security from hackers, but not be too disruptive to end users who simply forgot their pw, think they know it, and hit the 3 attempt limit rather than choosing the option to reset their pw.
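
A sketch of the policy requested above, added here as an illustration and not WHMCS code: failures are counted per (IP, admin username) pair, and the whole IP is banned only once several different usernames have failed from it. The 3-attempt limit comes from the post; the `LoginGuard` class, the `ESCALATE_USERS` threshold of 3 distinct usernames, and the absence of ban expiry are assumptions.

```python
from collections import defaultdict

MAX_ATTEMPTS = 3    # the post's "3 attempt limit"
ESCALATE_USERS = 3  # assumed: distinct failing usernames on one IP before a hard IP ban


class LoginGuard:
    """Hypothetical tracker: bans (ip, user) pairs first, whole IPs only on escalation."""

    def __init__(self):
        self.failures = defaultdict(int)      # (ip, user) -> failed attempts
        self.failed_users = defaultdict(set)  # ip -> usernames that failed from it
        self.pair_bans = set()                # banned (ip, user) pairs
        self.ip_bans = set()                  # fully banned IPs

    def is_blocked(self, ip, user):
        return ip in self.ip_bans or (ip, user) in self.pair_bans

    def record_failure(self, ip, user):
        """Register one failed login and return the state it leads to."""
        if self.is_blocked(ip, user):
            return "blocked"
        self.failures[(ip, user)] += 1
        self.failed_users[ip].add(user)
        # Many usernames failing from one IP looks like guessing, not a forgotten password.
        if len(self.failed_users[ip]) >= ESCALATE_USERS:
            self.ip_bans.add(ip)
            return "ip_banned"
        if self.failures[(ip, user)] >= MAX_ATTEMPTS:
            self.pair_bans.add((ip, user))
            return "user_banned"
        return "failed"

    def record_success(self, ip, user):
        """A successful login clears that user's failure history for the IP."""
        self.failures.pop((ip, user), None)
        self.failed_users[ip].discard(user)


def demo():
    # Constructed scenario: 203.0.113.10 stands in for a shared office IP.
    guard, office = LoginGuard(), "203.0.113.10"
    states = [guard.record_failure(office, "alice") for _ in range(3)]
    bob_allowed = not guard.is_blocked(office, "bob")  # rest of the office still gets in
    states.append(guard.record_failure(office, "bob"))
    states.append(guard.record_failure(office, "carol"))  # third username: escalate
    return states, bob_allowed, guard.is_blocked(office, "bob")
```
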