Max login IPs per hour
Auto-ban an account that succeeds from this many distinct IPs in one hour.
Max login IPs per hour
Auto-ban an account that logs in successfully from this many distinct IPs within one hour.
Where to find it
Admin → Settings → Settings (first tab) → Captcha & abuse → Max login IPs per hour
Setting key: max_login_ips_h
Empty = off. When set, minimum is typically 2.
How it works
Fires on successful password login (before the session fully settles), not on failed attempts. Catches credential stuffing from many places. Travelers, mobile networks, and VPNs can trip a very low number.
This is not the same as Max login attempts per hour (IP ban on failures).
Common problems
Traveling users get banned
Raise the threshold, or clear the user ban and explain VPN/mobile IP changes.