Brute Force Protection Settings
Starting from Peepso 1.10.5, we added new feature "Brute Force Protection" which it can prevent your site from password cracking and set your login site security in the high level. This feature is fully configurable as you get the following options in the Backend > PeepSo > Configuration > Advanced > Security > Login security:
Minimum password length
The above was introduced as a setting after a user pointed out on our registration there’s just a simple 6 character password being required. We made this configurable with a new default minimum of at least 10 characters per password.
The minimum password length is a new feature and not really related directly to the brute force settings. Nevertheless, it is related to login security. It doesn’t matter whether the brute force protection is enabled or not, the minimum password length setting is self-contained.
Enable login brute force protection
Enable login brute force protection feature
Block login after
Maximum failed attempts allowed.
hours:minutes - how long to block login attempts after the above limit is reached.
Send an e-mail notification to the user, warning them about failed login attempts.
Enable additional block after
Additional security when users block themselves repeatedly.
Additional block length
How long to block login attempts when additional security is triggered.
Reset retries after
How long it takes for the system to "forget" about a failed login attempt.