Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.
Latest post by on Wednesday, 17 March 2021 20:17 CDT
Hi support,
A client of ours is having issues with their 3rd party developers getting locked out of the site. They'd like us to set a higher number of attempts before their users get locked out from too many failed logins, however because our user activation method is set to "none" Admin Tools is not allowing us to enable and change this setting.
Is there no way for us to change the number of attempts without changing how our user workflow works?
Regards,
- Richard
You are looking at the wrong setting. Admin Tools does not disable the user account exactly because users can't self-activate their account if it gets blocked. What it does is temporarily block their IP address. You can change that under the Auto-ban tab. Remember that this setting affects all blocked requests for any reason and IP address.
You could alternatively set “Treat failed logins as a reason for blocking the request” to No so they don't get blocked for too many failed login attempts.
However, the really best solution is that your client's 3PD developers actually pay attention to what they do to log into the site. It's surely not that hard copying a URL, a username and a password? If your client provides these correctly and they can't do a simple copy & paste I would very strongly doubt these 3PD's ability to develop their way out of a wet paper bag. Speaking as someone who regularly gets frustrated at how difficult it is to copy information when the client just shoves it all together, occasionally adding periods after the password because they are ending a sentence in the form of "site login example.com word foobar login brad theman su brad dr@dst3r." (login info fictitious but not far off from some real world examples). So, yeah, I think clear communication is the best solution that doesn't have a security impact.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.
Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!