WebMail Lite Documentation

Blocking user after multiple failed login attempts

It is possible to configure WebMail Lite so that user will be locked out and won't be able to login upon multiple failed login attempts, they would get an error message of the following kind:

Blocked user

The feature is enabled by setting the following option to true in data/settings/modules/Core.config.json file:

"EnableFailedLoginBlock": [
    "Setting to true enables feature of blocking user after a number of failed login attempts"

NB: If your configuration file doesn't have such an option, try pressing "Update configuration" button in Database Settings screen of admin interface.

Please note that user access is blocked from their current IP address. They can still try logging into the WebMail Lite installation from another location.

The same configuration file also holds two more options for fine-tuning this functionality:

"LoginBlockAvailableTriesCount": [
    "Number of failed login attempts which will result in blocking user"
"LoginBlockDurationMinutes": [
    "Number of minutes user will be blocked for upon multiple failed login attempts"

These settings control a number of failed login attempts, and block duration in minutes, respectively.