PHPackages pluswerk/secure-login - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. pluswerk/secure-login AbandonedTypo3-cms-extension[Security](/categories/security) pluswerk/secure-login ===================== +Pluswerk TYPO3 extension: Secure Login - brute-force security 1.0.0(8y ago)03.6k↓50%2[2 issues](https://github.com/pluswerk/secure_login/issues)[1 PRs](https://github.com/pluswerk/secure_login/pulls)GPL-3.0+PHPPHP >=5.6.0 Since Feb 16Pushed 5y ago9 watchersCompare [ Source](https://github.com/pluswerk/secure_login)[ Packagist](https://packagist.org/packages/pluswerk/secure-login)[ Docs](https://www.pluswerk.ag)[ RSS](/packages/pluswerk-secure-login/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (1)Versions (2)Used By (0) [![Packagist Release](https://camo.githubusercontent.com/b435e3ed433f1bf337bca0d77adc8c78e72320d370341e55a8971caefa8a68e5/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f706c75737765726b2f7365637572652d6c6f67696e2e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/pluswerk/secure-login)[![Travis](https://camo.githubusercontent.com/c4f15cc4d2324607b5a03e9c6879e134ceab6ad3f9c6e4044c3ee46f2ce3fa25/68747470733a2f2f696d672e736869656c64732e696f2f7472617669732f706c75737765726b2f7365637572655f6c6f67696e2e7376673f7374796c653d666c61742d737175617265)](https://travis-ci.org/pluswerk/secure_login)[![GitHub License](https://camo.githubusercontent.com/b88a2838b6b7b7da35271e18ffd6c072966e658a69438fcacf2a63acfe737aaa/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f706c75737765726b2f7365637572655f6c6f67696e2e7376673f7374796c653d666c61742d737175617265)](https://github.com/pluswerk/secure_login/blob/master/LICENSE.txt)[![Code Climate](https://camo.githubusercontent.com/3dab7cea8cae5d0d703ea4cc144d2d6881900df26562c303383d136d3dffa720/68747470733a2f2f696d672e736869656c64732e696f2f636f6465636c696d6174652f6769746875622f706c75737765726b2f7365637572655f6c6f67696e2e7376673f7374796c653d666c61742d737175617265)](https://codeclimate.com/github/pluswerk/secure_login) +Pluswerk TYPO3 security extension: Secure Login ================================================ [](#pluswerk-typo3-security-extension-secure-login) This extension checks frontend and backend logins for brute-force attacks. You can also detect and avoid brute-force attacks on other inputs, like serial number inputs or coupon code inputs. Say goodbye to the try-out-hackers! #### Advantages [](#advantages) - extendable - small - security improvement - just install and use preset configuration #### Identification of brute-force attacks [](#identification-of-brute-force-attacks) A brute-force attack is identified in accordance with the following rules: 1. An IP tries out lots of different users 2. An user tries out lots of different passwords Is a brute-force attack identified, the attacking IP (in the first case) or user (in the second case) will be blocked over a specific period. Installation ------------ [](#installation) Install the TYPO3 extension via composer (recommended) or install the extension via TER (not recommended anymore). > Composer installation: > > ``` > composer require pluswerk/secure-login > ``` Default configuration --------------------- [](#default-configuration) If no settings are made, the extension blocks users or IPs for two hours if they have more than 5 failed attempts in one hour. Configuration (optional) ------------------------ [](#configuration-optional) ``` // Default configuration: overwrite this in you own localconf.php $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['secure_login'] = [ 'defaultBlockingConfiguration' => [ 'FE' => \Pluswerk\SecureLogin\Configuration\BlockingConfiguration::createConfig(), 'BE' => \Pluswerk\SecureLogin\Configuration\BlockingConfiguration::createConfig(), ], ]; ``` #### Add the following configurations: [](#add-the-following-configurations) - maxFailedAttempts: Max amount of failed logins over specified time period 'timeRangeInSeconds'. - timeRangeInSeconds: Time period (in seconds) over which 'maxFailedAttempts' are counted. - blockingPeriodInSeconds: Time period (in seconds) over which the user or IP are blocked. > ###### Example: > > [](#example) > > one user gets blocked for 'blockingPeriodInSeconds' seconds if he tries out 'maxFailedAttempts' wrong passwords in the time period of 'timeRangeInSeconds' seconds. Extend Extension ---------------- [](#extend-extension) #### Display security messages [](#display-security-messages) The configured blocking is always active. To show security messages in the frontend add the following lines to your template: ``` ``` #### Log fail attempts [](#log-fail-attempts) This sample logs failed logins: ``` $formInDatabase = $this->formRepository->findBySerialNumber($form->getSerialNumber()); if (count($formInDatabase) > 0) { /** @var \Pluswerk\SecureLogin\Configuration\BlockingConfiguration $blockingConfiguration */ $blockingConfiguration = \Pluswerk\SecureLogin\Configuration\BlockingConfiguration::createConfig(); /** @var AuthSecurityService $authSecurityService */ $authSecurityService = GeneralUtility::makeInstance(AuthSecurityService::class); $authSecurityService->logUserPasswordAuthenticationFailed($username, $password); } ``` ### Health Score 31 — LowBetter than 68% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity21 Limited adoption so far Community17 Small or concentrated contributor base Maturity58 Maturing project, gaining track record Bus Factor1 Top contributor holds 50% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 3013d ago ### Community Maintainers ![](https://avatars.githubusercontent.com/u/471387?v=4)[Matthias Vogel](/maintainers/Kanti)[@Kanti](https://github.com/Kanti) ![](https://www.gravatar.com/avatar/ce27306c234536251754f00414959671d4a775e9cf57cce2f5ea1dca158183d6?d=identicon)[andersundsehr](/maintainers/andersundsehr) ![](https://www.gravatar.com/avatar/c827aa571f8a1d9ae275d1170768f7b8a8cebee149cc9f8efdb0118100728579?d=identicon)[pluswerk](/maintainers/pluswerk) --- Top Contributors [![Kanti](https://avatars.githubusercontent.com/u/471387?v=4)](https://github.com/Kanti "Kanti (8 commits)")[![Lagerregal](https://avatars.githubusercontent.com/u/2297740?v=4)](https://github.com/Lagerregal "Lagerregal (6 commits)")[![Lagerregal42](https://avatars.githubusercontent.com/u/33542979?v=4)](https://github.com/Lagerregal42 "Lagerregal42 (2 commits)") --- Tags loginphpsecuritytypo3typo3-extension ### Embed Badge ![Health badge](/badges/pluswerk-secure-login/health.svg) ``` [![Health](https://phpackages.com/badges/pluswerk-secure-login/health.svg)](https://phpackages.com/packages/pluswerk-secure-login) ``` ### Alternatives [defuse/php-encryption Secure PHP Encryption Library 3.9k162.4M214](/packages/defuse-php-encryption)[mews/purifier Laravel 5/6/7/8/9/10 HtmlPurifier Package 2.0k16.7M113](/packages/mews-purifier)[robrichards/xmlseclibs A PHP library for XML Security 41478.1M118](/packages/robrichards-xmlseclibs)[bjeavons/zxcvbn-php Realistic password strength estimation PHP library based on Zxcvbn JS 87117.5M63](/packages/bjeavons-zxcvbn-php)[illuminate/encryption The Illuminate Encryption package. 9229.7M280](/packages/illuminate-encryption)[paragonie/hidden-string Encapsulate strings in an object to hide them from stack traces 7410.6M39](/packages/paragonie-hidden-string) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)