Support

It doesn't look like there's a way to block a specific Joomla user account due to failed login attempts using Admin Tools. Please confirm this is true.

The request from the client is to block a user in Joomla if they attempt and fail to log in to the site a certain number of times. Obviously, someone can try to login to the site with an invalid username and we wouldn't be able to do anything about that. I'm wondering if I would be able to trigger on a log to the _admintools_log table. If the username found in the extradata of the log matches a username in the Joomla users table, and there have been x amount of those in the past hour, the user will be blocked.

Is there a way I can extend Admin Tools to hook onto a "log" event?

If I understand what you're asking for, you don't need to hook into the log, you just need to turn the feature on.

Please take a look at Web Application Firewall, Configure WAF, on the Hardening Options tab, the fields "Treat failed logins as security exceptions" and "Deactivate user after" should do exactly what you're looking for.

That was it, thank you!

You're welcome!

This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.