Joomla brute force protection?

Does the comodo waf protect against user and administrator (backend) login brute force attempts?

Yes, it protects. Take a look into “userdata_login_pages” file and make sure you have enabled Bruteforce protection group.

Perfect! I had been getting a lot of false positives because I didn’t know if the WAF did protect against that. I added /administrator/index.php to the BF section of the config and lots of complaints. Now I understand why that was happening.


I’m sorry but i don’t get it

Should i put /administrator/index.php in the whitelist section of admin in order to get bruteforce protection in joomla, or it is ok lo leave as it is?

is somewhat confusing, whitelist is often used to do the opposite, to exclude it from protection.

Thanks in advance.

Leave as is :slight_smile: