Security - Admin

IP Address *

Reason (optional)

Expires

Controls how many failed login attempts are allowed before temporarily locking an account. Changes take effect immediately without restart.

Max failed attempts Attempts before lockout triggers

Attempt window (minutes) Failures counted within this window

Lockout duration (minutes) How long the account stays locked

Note: Max values take effect immediately. The time window (15 min / 1 hr) is fixed and requires a server restart to change.

Registration attempts Per IP per hour

Auth requests Per IP per 15 minutes (all /auth/* routes)

Password reset attempts Per IP per hour

Global API limit Per IP per 15 minutes (all /api/* routes)