Brute force protection

(Ian) #1

It’s great that this has been added to the core, only six years after it was originally in the issue tracker - that puts Matomo way ahead of WordPress, which has been waiting for it for well over a decade!

I haven’t attempted to look at the source code to see if I can work it out, but does it work with IPv6 as well as IPv4?

(Lukas Winkler) #2


I’m pretty sure it supports IPv6, but I am not sure if it just considers completly identical IP-adresses and not ranges.

Check here for the coresponding unit tests.

(Matthieu Aubry) #3

Yes it should do (if not, let us know of course). we’ve also added an FAQ How do I disable brute force authentication security checks for specific IP addresses? FAQ - Analytics Platform - Matomo