PHPackages                             saav-tek/yii2-login-wd - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. saav-tek/yii2-login-wd

ActiveYii2-extension[Security](/categories/security)

saav-tek/yii2-login-wd
======================

Lock a user account and disable login after a given number of consecutive failed attempts.

018PHP

Since Apr 25Pushed 5y ago1 watchersCompare

[ Source](https://github.com/saav-tek/yii2-login-wd)[ Packagist](https://packagist.org/packages/saav-tek/yii2-login-wd)[ RSS](/packages/saav-tek-yii2-login-wd/feed)WikiDiscussions main Synced 2d ago

READMEChangelogDependenciesVersions (1)Used By (0)

Login Watchdog Extension
========================

[](#login-watchdog-extension)

Keep track of failed login attempts, and lock a user account and disable login after a given number of consecutive failed attempts.

The main functionality is implemented as validation rules.

- 'Lock' is the validation rule to use on the 'password' attribute of the LoginForm model to monitor for login attempts and lock accounts after a certain number of failed attempts.
- 'Unlock' is an optional validation rule that can be used on the ResetPasswordForm model to allow users to self-unlock their accounts when resetting their password.

Additionally, there are two helper static functions:

- Unlock::User() can be called from a Controller or Model to unlock a specific user.
- Unlock::All() can be called from a Controller or Model to unlock ALL users (delete all login attempts).

Original idea based on this behavior:

Installation
------------

[](#installation)

The preferred way to install this extension is through [composer](https://getcomposer.org/download/).

Either run

```
php composer.phar require --prefer-dist saavtek/yii2-login-wd "*"

```

or add the following line to the require section of your `composer.json` file.

```
"saavtek/yii2-login-wd": "*"

```

Requirements
------------

[](#requirements)

To use this extension, the \[\[yii\\redis\\Connection|Connection\]\] class must be configured in the Application configuration:

```
return [
    //....
    'components' => [
        'redis' => [
            'class' => 'yii\redis\Connection',
            'hostname' => 'localhost',
            'port' => 6379,
            'database' => 0,
        ],
    ]
];
```

For more details, please refer to the Redis extension documentation:

Usage
-----

[](#usage)

### Validation

[](#validation)

To limit login attempts, and lock accounts after repeated failed attempts, add the 'Lock' validation rule at the END of your LoginForm model rules(), after the password has been validated:

```
[
    'password', // The atribute to be validated
    \saavtek\LoginWD\Lock::className(), // The 'Lock' rule
    'skipOnError' => false,  //MANDATORY so that this validation rule is not skipped
    'attempts' => 5, // Optional - Max attempts alowed, default is 5 attempts
    'lockDuration' => 900, // Optional - Number of Seconds to disable login after exceeding `attemps`, default is 900 seconds
    'usernameAttribute' => 'username', // Optional - The attribute used for identifying a user for login, default is 'username'
]
```

Everytime a user fails to login (wrong username or password), an internal counter will be incremented. When a user fails to login 'attempts' times, the account will be locked for 'lockDuration' seconds.

If desired, add the Unlock validation rule at the END of your ResetPasswordForm model rules() to allow the user to self-unlock the account when reseting his/her password

```
[
    'password', // The atribute to be validated
    \saavtek\LoginWD\Unlock::className(), // The 'Unlock' rule
    'username' => $this->_user->username, //MANDATORY - the username used for login. In this example, it is being obtained from the model's $_user private var
    'usernameAttribute' => 'username', // Optional - The attribute used for identifying a user for login, default is 'username'
]
```

### Maintenance

[](#maintenance)

You can call the Unlock::User() static function from a Controller to unlock a particular user:

```
\saavtek\LoginWD\Unlock::User($username, $category, $usernameAttribute)
```

Where:

- $username is the value of the usernameAttribute used for login (REQUIRED).
- $category is the category used for logging (optional, default is null, which will generate a log with 'application' category).
- $usernameAttribute is the attribute used for identifying a user for login (optional, default is 'username').

You can call the Unlock::All() static function from a Controller to delete all the existing attempts

```
\saavtek\LoginWD\Unlock::All();
```

You can use the LoginAttempt model for other common AR operations:

```
use \saavtek\LoginWD\models\LoginAttempt;

$totalAttempts = LoginAttempt::find()->sum('attempts');
$uniqueAttempts = LoginAttempt::find()->count();
$lockedAccounts = LoginAttempt::find()->where(['>', 'lock_until', time()])->count();
```

###  Health Score

17

—

LowBetter than 6% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity6

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity30

Early-stage or recently created project

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Community

Maintainers

![](https://www.gravatar.com/avatar/afa7a1c637a8e0712e5f2906c5364983fd21c87d56d610cbd6ccc87e8b6cd7dd?d=identicon)[saas](/maintainers/saas)

---

Top Contributors

[![saav-tek](https://avatars.githubusercontent.com/u/78621985?v=4)](https://github.com/saav-tek "saav-tek (7 commits)")

### Embed Badge

![Health badge](/badges/saav-tek-yii2-login-wd/health.svg)

```
[![Health](https://phpackages.com/badges/saav-tek-yii2-login-wd/health.svg)](https://phpackages.com/packages/saav-tek-yii2-login-wd)
```

###  Alternatives

[defuse/php-encryption

Secure PHP Encryption Library

3.9k162.4M214](/packages/defuse-php-encryption)[roave/security-advisories

Prevents installation of composer packages with known security vulnerabilities: no API, simply require it

2.9k97.3M6.4k](/packages/roave-security-advisories)[mews/purifier

Laravel 5/6/7/8/9/10 HtmlPurifier Package

2.0k16.7M113](/packages/mews-purifier)[robrichards/xmlseclibs

A PHP library for XML Security

41278.1M118](/packages/robrichards-xmlseclibs)[bjeavons/zxcvbn-php

Realistic password strength estimation PHP library based on Zxcvbn JS

86917.5M63](/packages/bjeavons-zxcvbn-php)[enlightn/security-checker

A PHP dependency vulnerabilities scanner based on the Security Advisories Database.

33732.2M110](/packages/enlightn-security-checker)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)