Search Results :

×
Sign Up Contact Us

Contents

Setup miniOrange Website Security module with Drupal site - Login Security

The miniOrange Website Security module provides login security, registration security, brute force attack prevention, IP monitoring and IP blacklisting, Rate Limiting (DOS attack prevention), strong password enforcement, bot blocking, and more. In this guide, we’ll walk through the configuration of Login Security and demonstrate its functionality. The module is compatible with Drupal 8, Drupal 9, Drupal 10, and Drupal 11.

download plugin button Download plugin pricing button schedule meeting button Schedule a Meeting
  • Download the module: 
    Composer require ' drupal/security_login_secure'
  • Navigate to Extend menu on your Drupal admin console and search for MiniOrange Website Security using the search box.
  • Enable the module by checking the checkbox and click on Install button.
  • Configure the module at 
    {BaseURL}/admin/config/people/security_login_secure/WebsiteSecurityConfiguration
  • Install the module: 
    drush en security_login_secure
  • Clear the cache: 
     drush cr
  • Configure the module at 
    {BaseURL}/admin/config/people/security_login_secure/WebsiteSecurityConfiguration
  • Go to ConfigurationPeopleminiOrange Website Security Configuration in the Administration menu. (/admin/config/people/security_login_secure/WebsiteSecurityConfiguration)
  • Navigate to the Login Security tab to configure the module features.
  • This feature protects your site from attacks by blocking IPs that try to login with random usernames and passwords.
  • To enable this feature, toggle the button of Enable IP Based Brute Force Protection.
Drupal Website Security - Enable IP Based Brute Force Protection
  • Now, enter the following details:
    • Track time to check for security violations (hours): The failed login attempts are tracked for a set number of hours. After that time, they are cleared and no longer counted.
    • Number of login failures before blocking an IP: The number of failed login attempts allowed from an IP before it gets blocked. After that, the IP stays blocked until the admin unblocks it or the time set below.
    • Time period for which IP should be blocked (hours): The number of hours an IP stays blocked. After that, it gets unblocked.
    • Number of login failures before detecting an attack: The number of failed logins from an IP that is treated as an attack. This number must be less than the allowed failed login attempts. After that, the admin gets an alert email. Click the Add Email Notification link to add the email address.
  • Click on the Save Configuration button.
Drupal Website Security - Enter the details for IP Based Brute Force Protection
  • This feature protects your site by blocking users who try to log in with random usernames and passwords.
  • To enable this feature, toggle the button of Enable User Based Brute Force Protection.
Drupal Website Security - Enable User Based Brute Force Protection
  • Now, enter the following details:
    • Track time to check for security violations (hours): The failed login attempts are tracked for a set number of hours. After that time, they are cleared and no longer counted.
    • Number of login failures before blocking an IP: The number of failed login attempts allowed by a user before it gets blocked. After that, the user stays blocked until the admin unblocks it or the time set below.
    • Time period for which IP should be blocked (hours): The number of hours a user stays blocked. After that, it gets unblocked.
    • Number of login failures before detecting an attack: The number of failed logins from a user that is treated as an attack. This number must be less than the allowed failed login attempts. After that, the admin gets an alert email. Click the Add Email Notification link to add the email address.
  • Click on the Save Configuration button.
Drupal Website Security - User Based Brute Force Protection
  • To see reports, navigate to the Reports tab of the module.
  • The Security Log Reports feature provides administrators with comprehensive insights into all security-related events, including failed login attempts, blocked IPs, and locked user accounts. Each log entry includes critical details such as username, IP address, and a timestamped activity log for easy tracking and auditing.
Drupal Website Security - Reports

You can explore our additional features to strengthen your Drupal site's security and expand its functionality.

Explore the additional features offered by the module with full-featured trial. You can initiate the trial request using Request 7-day trial button of the module or reach out to us at drupalsupport@xecurify.com for one-on-one assistance from Drupal expert.

24x7 Support

24/7 Support

The Drupal developers at miniOrange offer quick and active support for your queries. We can assist you from choosing the best solution for your use case to deploying and maintaining the solution.

 Contact us
Case Study

Case Studies

miniOrange has successfully catered to the use cases of 400+ trusted customers with its highly flexible/customizable Drupal solutions.

 Read more
Other Solutions

Other Solutions

Feel free to explore other Drupal solutions that we offer the popular solutions used by our trusted customers include 2FA, User Provisioning, Website Security.

 Know More
ADFS_sso ×
Hello there!

Need Help? We are right here!

support