Brute Force Protection
Wed Admin UI Brute Force Protection
If a user attempts to login with invalid credentials from the same ip address after 10 failed attempts, they will be locked for an hour.
The front end will give you the time that you have left, so if you try to login after you have been locked out, you will see this message:
It also should not matter if you are using a bad username or password, all that matters is that you are trying from the same ip address.
SFTP System Brute Force Protection
The SFTP system will ban an IP address for 5 hours if it has made more than 10 failed authentication attempts within 5 minutes of each other.