Configuration Options
Brute Force Settingsโ
| Setting | Description |
|---|---|
| Max Retries | Maximum unsuccessful login attempts before lockout |
| Lockout Time | Duration (in minutes) user is prevented from logging in after max retries |
| Max Lockouts | Maximum number of times a user can be locked out |
| Extended Lockout | Duration (in hours) to extend lockout if max lockouts exceeded |
| Reset Retries | Time duration to check for failed login attempts |
| Email Notifications | Number of lockouts after which an email notification is sent to admin |
| User Inactivity Timeout | Duration of inactivity before automatic logout |
| IP Change Notification | Send email notification to admin if staff logs in from a different IP address |
IP/Email Blacklistโ
- Add IP addresses to block (one per line).
- Supports IP ranges (e.g.,
1.2.3.4-5.6.7.8). - Add Email addresses to block (one per line).
- Blacklisted IPs/emails are blocked even with correct credentials.
Login Expiry for Staffโ
- Set an expiry date for staff accounts.
- After expiry, the account becomes inactive automatically.
warning
Login Expiry requires a cron job to be set up on your server for automatic account deactivation.
Single Session Settingsโ
- Prevents staff from signing in on multiple browsers simultaneously.
- Previous session must be destroyed before signing in from a new browser.
- Staff can reset their previous session if needed.
Support
Visit the Themesic Support Portal for assistance.