Max login attempts per hour
Auto-ban the client IP after this many failed logins per hour. Empty disables. Separate from captcha.
Max login attempts per hour
Auto-ban the client IP after this many failed logins in one hour (password spraying defense).
Where to find it
Admin → Settings → Settings (first tab) → Captcha & abuse → Max login attempts per hour
Setting key: max_login_attempts_h
Empty = off. When set, minimum is typically 2.
How it works
Counts failed attempts from an IP (known and unknown usernames). Separate from Captcha on login — captcha challenges; this bans the IP.
Manage bans under Admin → Users → bans / banned IPs.
Common problems
Office / NAT users lock each other out
Many people share one public IP. Raise the number or clear bans when support spikes.
You banned yourself
Use another network, or remove the ban from an already-logged-in admin session / server access.