Print Page - How to configure rate limiting for login attempts in Plesk?

Title: How to configure rate limiting for login attempts in Plesk?
Post by: senthil on Sep 27, 2025, 03:57 AM

Question

How to configure rate limiting for login attempts in Plesk?

Answer
Starting with Plesk Obsidian 18.0.70, Plesk supports rate limiting for login attempts. This feature is enabled by
default on all installations, and can be additionally customized via Panel.ini Editor extension with the following
options in the [security] section:

Option "bruteforceProtection.enabled". This option defines whether brute force protection is enabled or not.
(Default value true)
Option "bruteforceProtection.rateLimit". This option defines the number of failed login attempts per IP
address.(Default value 5)
Option "bruteforceProtection.rateLimitPeriod". This option defines the period in seconds for catching the
failed attempts.(Default value 300)

Example:

Code Select

[security]
bruteforceProtection.enabled = true
bruteforceProtection.rateLimit = 5
bruteforceProtection.rateLimitPeriod = 300

Based on these settings, if the client has five failed login attempts, the next attempts will not be
processed for 300 seconds starting with the first failed attempt.

Additional information
Protection Against Brute Force Attacks

[/list]

Cobra Forum

Plesk Panel => Others => Topic started by: senthil on Sep 27, 2025, 03:57 AM