---
title: "Secure Grav from Brute-Force Attacks"
description: "Just like WebHost Manager (WHM) has cPHulk, Grav includes built-in brute force protection with the Login plugin. Below we cover how to set maximum login and password reset attempts. Note: The Login..."
url: https://www.inmotionhosting.com/support/security/secure-grav-from-brute-force-attacks/
date: 2019-05-29
modified: 2021-11-19
author: "InMotion Hosting Contributor"
categories: ["Security"]
type: post
lang: en
---

# Secure Grav from Brute-Force Attacks

Just like WebHost Manager (WHM) has [cPHulk](/support/security/enabling-cphulk/), Grav includes built-in brute force protection with the [**Login** plugin](https://github.com/getgrav/grav-plugin-login). Below we cover **how to set maximum login and password reset attempts**.

**Note**: The Login plugin is installed with [Grav + Admin Plugin](/support/website/install-grav-cms-admin/) by default.

## Edit Login Security Settings

1. **Log into Grav**.
2. Select **Plugins** on the left.
3. Click the **Login** plugin name to view its settings and info.
4. Select the **Security** tab.
5. Change the following settings as desired: **Max password resets count** Reset requests allowed at once (0 = unlimited) **Max password resets interval** Minutes to track password resets **Max logins count** Failed login attempts allowed at once (0 = unlimited) **Max logins interval** Minutes to track login attempts [![Grav Login Security settings](https://www.inmotionhosting.com/support/images/stories/grav/grav-plugin-login-security.png)](https://www.inmotionhosting.com/support/images/stories/grav/grav-plugin-login-security.png)
6. Press **Save** at the upper-right.

Afterwards, [schedule backups](https://www.inmotionhosting.com/support/website/grav-backups/) for worst case scenarios. Learn more about Grav in our [Support Center](/support/website/grav-backups/).
