Welcome Guest, Not a member yet? Register   Sign In
How can I lockout login for 5 minutes if 5 bad attempts are made

Im trying to lock the login for 5 minutes if 5 bad attempts are made in a row to help deter brute force hackers. Does anyone have any methods they usually use in CodeIgniter? Thanks!

I would highly recommend that you use a reputable Auth library for CodeIgniter instead of building something by yourself. There is a lot of security to think of and easy to miss if you don't know exactly what you are doing.

I recommend Ion Auth, it is one of the best auth libraries for CI. It also include lockout functionality that you are looking for.

Thanks I will look into that!

(This post was last modified: 03-04-2015, 04:42 PM by alexandervj.)

Are there any other things you recommend to make the login/site secure?

Some basics and things I always recommend for basic security
  • Good Auth Library (as I recommended above)
  • Required user account activation/validation via email
  • Lockout functionality
  • Enforce strong user passwords (min 8 chars, with min 2 numeric)
  • User CSRF token for ALL user submitted forms.
  • As always, validate ALL data submitted by users.
  • HTTPS on all requests
  • Never use one login for admins, they should have there own personal login (if you have a CMS)

And if you want to go all the way
  • Deny any sort of iframing of your site setting the X-Frame-Options header https://developer.mozilla.org/en-US/docs...me-Options
  • Turn on secure cookies (available in the CI config)
  • Turn on HTTP cookies only (but be aware this will make the cookie unavailable for JS) (available in the CI config)
  • Enforce extreme user passwords (min 8 chars, min 2 lower, 2 upper, 2 numeric, 2 special char)

That is what I can think of atm, but it is late here so I will update if I can come up with anything else another day.

Theme © iAndrew 2016 - Forum software by © MyBB