Security for Admin login? Lock after set number of tries

Hello, is there any way I can add an extra layer of security for the admin login page in such a way that the admin login is locked after a set number of tries?

Thank you very much! Peace.

The Login plugin provides flood protection (https://github.com/getgrav/grav-plugin-login/commit/590f188189c8453afb5992e7ec385795336ee711), but only for the frontend; Admin does not yet have such checks.

You can (and should) limit access to Admin using HTTP authentication, or IP range limit, with webserver-specific ways (.htaccess / .htpasswd for Apache).

You can even keep Admin in the local / staging site only, that’s one of my favorites. I put it in my .gitignore, and only sync the pages and configuration to the live site.

And, you should also change the default /admin route to something unique, via the Admin plugin settings.

2 Likes
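
The webserver-level restriction suggested in the reply above, sketched for Apache 2.4 as an added example that is not part of the original posts or of Grav's shipped .htaccess. It assumes Grav is installed at the web root with Admin still on the default /admin route; the password file path and the 203.0.113.0/24 range are placeholders.

```apache
# Added example: goes in the site-root .htaccess (or the matching
# <Directory> block of the vhost). Requires Apache 2.4 and an
# AllowOverride setting that permits these directives.
#
# Grav's Admin is a route served through index.php, not a real directory,
# so the restriction is keyed on the requested URI instead of a folder.
# Assumption: default /admin route; adjust the pattern if the route was
# renamed in the Admin plugin settings or Grav lives in a subdirectory.
<If "%{REQUEST_URI} =~ m#^/admin(/|$)#">
    AuthType Basic
    AuthName "Restricted"

    # Placeholder path: keep the password file outside the web root.
    # Create it with: htpasswd -c /path/to/.htpasswd <username>
    AuthUserFile "/path/to/.htpasswd"

    # Both conditions must hold: the client comes from the allowed range
    # AND presents valid HTTP credentials. Replace <RequireAll> with
    # <RequireAny> to accept either one on its own.
    <RequireAll>
        # Placeholder range (documentation prefix); use your office/VPN range.
        Require ip 203.0.113.0/24
        Require valid-user
    </RequireAll>
</If>
```

Basic authentication sends the credentials with every request, so serve the Admin route over HTTPS only. Repeated failed attempts against this layer appear as 401 responses in the Apache access log, where they can be monitored.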