Bernhard Froehler

Creating a separate database for this purpose I currently believe would come with more hassle than its worth (required money to run, effort for administration, potential legal issues etc.). I've...

> Will this work with Litespeed? I have not had the chance to test bfstop with litespeed (and currently no time/plans to do so in the near future). The test...

The purging option is only about purging failed logins, old banned IP entries, and old unblock entries (in the database). What you show is the log file ([joomla-log-directory]/plg_system_bfstop.log.php) - there...

Current Ideas for adapting the allowed numbers of failed logins include: - if IP is whitelisted for given user (whitelisted -> allow more attempts, see also https://github.com/codeling/bfstop/issues/24#issuecomment-66806939) - if geolocation...

This would more or less follow similar ideas as [Risk-Based Authentication (RBA)](https://en.wikipedia.org/wiki/Risk-based_authentication).

On the security side such blocking might have a benefit, yes. But on the other hand it also has the potential to lock out legitimate users, so I'm not sure...

It could be an interesting extension, at least optionally. Unfortunately I really have very limited time at the moment. If you end up implementing this, and want to make it...

Thanks for the input! I haven't given this much thought, and might consider to in some future version of bfstop adding an option for only disabling login for some time....

> Don't forget that normal Users will care as much about the website warring as they care about the Cookie popups. True. As I said, I'll consider to add it...

The best idea would probably to have an alternate mode in which the login form is completely disabled for a blocked user. This would however require a much more involved...