PHPackages ralkage/flarum-ext-account-lockout - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. ralkage/flarum-ext-account-lockout ActiveFlarum-extension[Security](/categories/security) ralkage/flarum-ext-account-lockout ================================== Lock user accounts after too many failed login attempts. 1.0.0(1mo ago)00MITPHPPHP ^8.0 Since Mar 28Pushed 1mo agoCompare [ Source](https://github.com/Ralkage/flarum-ext-account-lockout)[ Packagist](https://packagist.org/packages/ralkage/flarum-ext-account-lockout)[ Docs](https://ralkage.com)[ RSS](/packages/ralkage-flarum-ext-account-lockout/feed)WikiDiscussions 1.x Synced 1mo ago READMEChangelogDependencies (1)Versions (4)Used By (0) Account Lockout — Flarum Extension ================================== [](#account-lockout--flarum-extension) Protect your [Flarum](https://flarum.org) forum against brute-force login attacks by automatically locking accounts after too many failed login attempts. Features -------- [](#features) - **Configurable Attempt Threshold** — Set the maximum number of failed login attempts before an account is locked (default: 5) - **Timed Lockout** — Accounts auto-unlock after a configurable duration (5, 10, 15, 30, or 60 minutes) - **Manual Lockout** — Require an admin or moderator to manually unlock accounts - **Password Reset Unlock** — Timed lockouts are automatically cleared when a user resets their password - **Admin Bypass** — Admin accounts are never locked out - **Unlock Controls** — Moderators and admins can unlock accounts from user profiles and the admin users page - **Locked Badge** — Locked users display a badge visible to moderators and admins - **Login Error Messages** — Custom error messages inform users when their account is locked and when they can try again Requirements ------------ [](#requirements) - Flarum `^1.8` - PHP `^8.0` Links ----- [](#links) - [Ralkage](https://ralkage.com) - [GitHub](https://github.com/Ralkage/flarum-ext-account-lockout) - [Packagist](https://packagist.org/packages/ralkage/flarum-ext-account-lockout) Installation ------------ [](#installation) ``` composer require ralkage/flarum-ext-account-lockout ``` Then enable it in your Flarum admin panel under **Extensions**. Configuration ------------- [](#configuration) 1. Go to **Admin → Account Lockout**. 2. Set the **Maximum Failed Login Attempts** (default: 5). 3. Choose a **Lockout Mode**: - **Timed** — Accounts auto-unlock after the configured duration. - **Manual** — Accounts stay locked until an admin or moderator unlocks them. 4. Set the **Lockout Duration** (only applies in timed mode). 5. Assign the **Unlock locked accounts** permission to the appropriate groups. License ------- [](#license) MIT — see [LICENSE](LICENSE). ### Health Score 36 — LowBetter than 82% of packages Maintenance90 Actively maintained with recent releases Popularity0 Limited adoption so far Community6 Small or concentrated contributor base Maturity41 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 4 Last Release 46d ago Major Versions 1.x-dev → 2.x-dev2026-03-28 PHP version history (2 changes)1.0.0PHP ^8.0 2.x-devPHP ^8.1 ### Community Maintainers ![](https://www.gravatar.com/avatar/4415106be37759e15d2f1304df343a37e478dad0f832b6f35860631ffc9b6afb?d=identicon)[Ralkage](/maintainers/Ralkage) --- Top Contributors [![Ralkage](https://avatars.githubusercontent.com/u/2059356?v=4)](https://github.com/Ralkage "Ralkage (4 commits)") --- Tags securityloginbrute forceflarumlockout ### Embed Badge ![Health badge](/badges/ralkage-flarum-ext-account-lockout/health.svg) ``` [![Health](https://phpackages.com/badges/ralkage-flarum-ext-account-lockout/health.svg)](https://phpackages.com/packages/ralkage-flarum-ext-account-lockout) ``` ### Alternatives [codeconsortium/ccdn-user-security-bundle CCDN User Security Bundle 60100.7k](/packages/codeconsortium-ccdn-user-security-bundle)[maba/gentle-force-bundle Symfony bundle that integrates gentle-force library for limiting both brute-force attempts and ordinary requests, using leaky/token bucket algorithm, based on Redis 53517.6k1](/packages/maba-gentle-force-bundle)[maba/gentle-force Library for limiting both brute-force attempts and ordinary requests, using leaky/token bucket algorithm, based on Redis 45591.0k2](/packages/maba-gentle-force)[anyx/login-gate-bundle Checking brute force attacks on site 59339.5k](/packages/anyx-login-gate-bundle)[websoftwares/throttle Ban identifier after certain amount of requests in a given timeframe. 1249.7k](/packages/websoftwares-throttle) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)