Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

  • Tim 1193 posts 2675 karma points MVP 2x c-trib
    Aug 31, 2010 @ 17:24

    Admin User Account Lockout


    Is it possible to lock out admin (back office accounts) afte x amount of failed login attempts? the provider looks like it has the methods for it, but the database doesn't seem to have any lockout fields. Is this something that's actually been implemented?





  • Chris Houston 535 posts 980 karma points MVP admin c-trib
    Sep 22, 2010 @ 11:06
    Chris Houston

    Hi Tim,

    Did you get anywhere with this one?



  • Tim 1193 posts 2675 karma points MVP 2x c-trib
    Sep 23, 2010 @ 09:49

    No, it doesn't look like it's been implemented. I was looking into it for similar reasons to you (security/complaince concious client). In the end we just added a captcha to the login page to stop automated login attempts, and locked the access to the /umbraco folder down with IIS to their IP address range.

    Its still something I'd like to see done though, if I get any free time, I might try writing a provider that overrides the existing one and adds the functionality. As a temporary thing, it might be possible to hook into the authentication events and add something to the umbraco log, just to show failed logins. That's something else I've been toying with, but haven't got round to trying out yet! I'll let you know if I get anywhere with this.......


  • Steve Temple 63 posts 324 karma points MVP 2x c-trib
    Jul 10, 2013 @ 23:39
    Steve Temple

    Hi, I know this is an old thread, but for anyone finding this from Google, I've written a package for this:



Please Sign in or register to post replies

Write your reply to: