You may notice many failed login attempts to your clients, and we would like to protect them from being hacked or something like that by banning clients for failed login attempts (similar to the admin). This feature is important and useful.
Vote for it.
Merged Ideas
Client Area Brute Force Protection
I wonder how WHMCS didn't implement brute force protection for client users till now. Everyone can use simple brute force methods to hack into our clients' passwords. Please implement this simple feature ASAP.
Hi, thanks for your votes and comments in support of implementing rate-limiting on client area login attempts.
We're pleased to announce this will be implemented in our next feature release this year. The rate limiting will work on a “sliding window” basis, allowing a maximum of 10 unsuccessful login attempts within a 10 minute period.
The behaviour differs from the Admin Area Ban - where an IP address is placed on a ban list with a fixed expiry time - which means that if a genuine client does trigger the rate limiting following lots of quick login attempts, they'll just need to wait 10 minutes before trying again.
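A sketch of the sliding-window limit described in the announcement above, as an added example that is not WHMCS code. Only the 10-attempt and 10-minute figures come from the post; the key (a client IP here), the boundary handling, not counting blocked attempts, and not clearing failures on success are assumptions.

```python
from collections import defaultdict, deque

MAX_FAILURES = 10          # announced limit: 10 unsuccessful attempts
WINDOW_SECONDS = 10 * 60   # announced window: 10 minutes


class SlidingWindowLimiter:
    """Blocks a key while MAX_FAILURES failures lie inside the trailing window."""

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS):
        self.max_failures = max_failures
        self.window = window
        self._failures = defaultdict(deque)  # key -> failure timestamps, oldest first

    def _recent(self, key, now):
        q = self._failures[key]
        while q and q[0] <= now - self.window:  # drop failures that aged out
            q.popleft()
        return q

    def retry_after(self, key, now):
        """Seconds until the key may try again; 0 means not blocked."""
        q = self._recent(key, now)
        if len(q) < self.max_failures:
            return 0
        # Unblocked once enough of the oldest failures leave the window.
        return q[len(q) - self.max_failures] + self.window - now

    def attempt(self, key, now, password_ok):
        """Return 'blocked', 'ok' or 'failed' for one login attempt."""
        if self.retry_after(key, now) > 0:
            return "blocked"  # rejected before the password is checked (assumption)
        if password_ok:
            return "ok"       # assumption: earlier failures are not cleared
        self._recent(key, now).append(now)
        return "failed"


def replay(events, limiter=None):
    """Run constructed (timestamp, key, password_ok) events through a limiter."""
    limiter = limiter or SlidingWindowLimiter()
    return [limiter.attempt(key, t, ok) for t, key, ok in events]


# Constructed sample: 10 quick failures from one key, then correct-password tries.
KEY = "203.0.113.7"  # assumption: keyed by client IP (documentation address)
SAMPLE = [(i * 5, KEY, False) for i in range(10)]  # failures at t=0..45s
SAMPLE += [(60, KEY, True), (599, KEY, True), (600, KEY, True)]
```

Calling `replay(SAMPLE)` shows the correct password being refused at 60 s and 599 s and accepted at 600 s, once the first failure has left the window.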