Clientarea Forgot Password - Rate limiting
-
TC Tan shared this idea 3 years ago
- Client Area
- 1 Comment
3
Votes
Login to Vote
It would be good if WHMCS have rate limiting implemented over the forget password form.
To prevent certain abuse of request such as:
- Spamming user's inbox. For example: Enter [email protected] and submit forgot password request, x50 times. That will trigger 50 emails to [email protected]'s inbox.
To prevent certain abuse of request such as:
- Spamming user's inbox. For example: Enter [email protected] and submit forgot password request, x50 times. That will trigger 50 emails to [email protected]'s inbox.
1 Comment
Login to post a comment.
I'm pleased to advise that rate limiting of password reset request emails has been implemented in the upcoming v9.0 release.
Version 9.0 is currently undergoing public pre-release testing. Please use this opportunity to test it out and share your feedback with us: https://whmcs.community/forum/660-whmcs-90-rc-discussion/
Feature Documentation: https://docs.whmcs.com/releases/9-0/9-0-release-notes/#rate-limiting-for-user-login-attempts
To learn more about the latest release and to take part in pre-release testing, visit https://preview.whmcs.com