Secure Grav from Brute-Force Attacks

Just like WebHost Manager (WHM) has cPHulk, Grav includes built-in brute force protection with the Login plugin. Below we cover how to set maximum login and password reset attempts.

Note: The Login plugin is installed with Grav + Admin Plugin by default.

Edit Login Security Settings

  1. Log into Grav.
  2. Select Plugins on the left.
  3. Click the Login plugin name to view its settings and info.
  4. Select the Security tab.
  5. Change the following settings as desired:
    Max password resets count Reset requests allowed at once (0 = unlimited)
    Max password resets interval Minutes to track password resets
    Max logins count Failed login attempts allowed at once (0 = unlimited)
    Max logins interval Minutes to track login attempts

    Grav Login Security settings

  6. Press Save at the upper-right.

Afterwards, schedule backups for worst case scenarios. Learn more about Grav in our Support Center.

Jacqueem Content Writer I

Technical writer focused on cybersecurity and musicianship.

More Articles by Jacqueem

Was this article helpful? Let us know!