Hi!
We noticed on one of our sites that some users get 'deactivated' (I think by Admin Tools) after they try to login with wrong credentials. While this is probably a good security measure, in this case it's also a bit user unfriendly, at least in the way it is set up now.
We have a website that syncs users with an external application. Users can not register on the website themselves. This is why we have 'user registration' disabled.
When we go to the WAF settings in AdminTools we see the option 'Treat failed logins as a reason for blocking the request'. This is set to YES. So this is probably why Adim Tools disables users when the login incorrectly. Right?
Below this there is an option 'Deactivate user after'. This was set to 0 failed logins in 1 hour. But the setting was 'disabled' because : "User registration on your site is disabled, therefore Admin Tools can't deactivate users."
My questions:
Does (can) AdminTool deactivate users when 'User registration' is turned off? If not, then I am not sure how the users get deactivated...
If AdminTools DOES deactivate users, does it use the settings from 'Deactivate user after? In that case I would need to adjust this (to let's say to 5 failed logins every minute) to make it less strict? In order to do this we need to turn on 'user registration', change the values in the WAF setting and the turn user registration back off. Correct?
Hope you can clarify this for me.
Kind regards,
Jip