Account Lockout
Protect your Flarum forum against brute-force login attacks by automatically locking accounts after too many failed login attempts.
Features
- Configurable Attempt Threshold — Set the maximum number of failed login attempts before an account is locked (default: 5)
- Timed Lockout — Accounts auto-unlock after a configurable duration (5, 10, 15, 30, or 60 minutes)
- Manual Lockout — Require an admin or moderator to manually unlock accounts
- Password Reset Unlock — Timed lockouts are automatically cleared when a user resets their password
- Admin Bypass — Admin accounts are never locked out
- Unlock Controls — Moderators and admins can unlock accounts from user profiles and the admin users page
- Locked Badge — Locked users display a badge visible to moderators and admins
- Login Error Messages — Custom error messages inform users when their account is locked and when they can try again
Requirements
Links
Installation
composer require ralkage/flarum-ext-account-lockout
Then enable it in your Flarum admin panel under Extensions.
Configuration
- Go to Admin → Account Lockout.
- Set the Maximum Failed Login Attempts (default: 5).
- Choose a Lockout Mode:
- Timed — Accounts auto-unlock after the configured duration.
- Manual — Accounts stay locked until an admin or moderator unlocks them.
- Set the Lockout Duration (only applies in timed mode).
- Assign the Unlock locked accounts permission to the appropriate groups.
License
MIT
