PHPackages                             ejfrancis/brute-force-block - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. ejfrancis/brute-force-block

ActiveLibrary[Security](/categories/security)

ejfrancis/brute-force-block
===========================

Brute force attack prevention class.

447310[1 issues](https://github.com/ejfrancis/brute-force-block/issues)PHP

Since Jun 3Pushed 8y ago10 watchersCompare

[ Source](https://github.com/ejfrancis/brute-force-block)[ Packagist](https://packagist.org/packages/ejfrancis/brute-force-block)[ RSS](/packages/ejfrancis-brute-force-block/feed)WikiDiscussions master Synced today

READMEChangelogDependenciesVersions (1)Used By (0)

BruteForceBlock
===============

[](#bruteforceblock)

Automatic brute force attack prevention class with PHP. Stores all failed login attempts site-wide in a database and compares the number of recent failed attempts against a set threshold. Responds with time delay between login requests and/or captcha requirement.

Implementation by Evan Francis for use in [AlpineAuth](https://github.com/ejfrancis/AlpineAuth) library, 2014.

Inspired by work of Corey Ballou, .

MIT License

Installation
------------

[](#installation)

The recommended way to install is using composer, with the following require:

`"ejfrancis/brute-force-block": "dev-master"`

You can also download the classfile `BruteForceBlock.php` and include it manually.

Setup
-----

[](#setup)

1. Setup database connection in `$_db` array.

- The `auto_clear` option determines whether or not older database entries are cleared automatically

2. (optional) set default throttle settings in `$default_throttle_settings_array`

NOTE: The throttle settings should be determined by the size and activity of your user base. The default settings **should not be relied on.**

\##To Create MySQL Database Use the included `user_failed_logins.sql` file or the following statement:

```
CREATE TABLE IF NOT EXISTS `user_failed_logins` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `user_id` bigint(20) NOT NULL,
  `ip_address` int(11) unsigned DEFAULT NULL,
  `attempted_at` datetime NOT NULL,
  PRIMARY KEY (`id`)
) DEFAULT CHARSET=utf8;

```

Usage
-----

[](#usage)

1. Build the throttle settings, based off your userbase's size and activity

```
//# failed login attempts => throttle action
$throttle_settings = [
  50 => 2, 			//delay in seconds
  150 => 4, 			//delay in seconds
  300 => 'captcha'	//captcha
];
```

2. Get the login status. Use this when building your login form

```
$BFBresponse = ejfrancis\BruteForceBlock::getLoginStatus($throttle_settings);

switch ($BFBresponse['status']){
	case 'safe':
		//safe to login
		break;
	case 'error':
		//error occured. get message
		$error_message = $BFBresponse['message'];
		break;
	case 'delay':
		//time delay required before next login
		$remaining_delay_in_seconds = $BFBresponse['message'];
		break;
	case 'captcha':
		//captcha required
		break;

}
```

### Add a failed login attempt

[](#add-a-failed-login-attempt)

```
$BFBresponse = ejfrancis\BruteForceBlock::addFailedLoginAttempt($user_id, $ip_address);
if($BFBresponse !== true){
	//get error
	$error_message = $BFBresponse;
}
```

### Clear the database

[](#clear-the-database)

```
$BFBresponse = ejfrancis\BruteForceBlock::clearDatabase();
if($BFBresponse !== true){
	//get error
	$error_message = $BFBresponse;
}
```

###  Health Score

26

—

LowBetter than 43% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity22

Limited adoption so far

Community16

Small or concentrated contributor base

Maturity41

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 81% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/3171352?v=4)[Evan Francis](/maintainers/ejfrancis)[@ejfrancis](https://github.com/ejfrancis)

---

Top Contributors

[![ejfrancis](https://avatars.githubusercontent.com/u/3171352?v=4)](https://github.com/ejfrancis "ejfrancis (17 commits)")[![dgadelha](https://avatars.githubusercontent.com/u/10081640?v=4)](https://github.com/dgadelha "dgadelha (4 commits)")

### Embed Badge

![Health badge](/badges/ejfrancis-brute-force-block/health.svg)

```
[![Health](https://phpackages.com/badges/ejfrancis-brute-force-block/health.svg)](https://phpackages.com/packages/ejfrancis-brute-force-block)
```

###  Alternatives

[defuse/php-encryption

Secure PHP Encryption Library

3.9k162.4M212](/packages/defuse-php-encryption)[roave/security-advisories

Prevents installation of composer packages with known security vulnerabilities: no API, simply require it

2.9k97.3M6.4k](/packages/roave-security-advisories)[mews/purifier

Laravel 5/6/7/8/9/10 HtmlPurifier Package

2.0k16.7M112](/packages/mews-purifier)[robrichards/xmlseclibs

A PHP library for XML Security

41278.1M118](/packages/robrichards-xmlseclibs)[bjeavons/zxcvbn-php

Realistic password strength estimation PHP library based on Zxcvbn JS

86917.5M63](/packages/bjeavons-zxcvbn-php)[enlightn/security-checker

A PHP dependency vulnerabilities scanner based on the Security Advisories Database.

33732.2M110](/packages/enlightn-security-checker)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)