Suggestion: Improve failed login attempts management

[Goalfair]

(Joomla 4)

• Add option(s) to delete entries from the list.
• Add option to add entries to list of blocked IPs.
• Add option to change number of displayed entries (seems to be in "logs" right now?)

[codeling]

Thanks for your input, and sorry for the late reply! Regarding the proposed options, here are my remarks/questions:

• Add option(s) to delete entries from the list (I assume you mean the "Failed Logins" list?). The list is meant as a log of failed logins, not as something to be modified frequently or even infrequently. I don't really see the use case for needing this, maybe you could share the use case you have in mind? The only thing where this should be required is in specialized experiments by a super user - who should know what he's doing and either should have access to the database where he can delete entries directly in the according table, or who should do the experiments on a non-production server where he has such access. Added: There is an option to delete old entries automatically - see the "Prune old attempts" option of the plugins "Advanced" options (the value is in weeks; seems the tooltips I had in place in Joomla 3 describing these options are no longer shown in J4 - I will look into that in #198)

• "Add option to add entries to list of blocked IPs." This option already exists - see the "New" button on top of the "Blocked IPs" lists

• "Add option to change number of displayed entries (seems to be in "logs" right now?)" - the lists except for the "logs" already take into account the Joomla-wide limit for table entries - see Global Configuration - Site - Default List Limit. I'm not sure it makes sense to add a separate option for this in bfstop. Added: I have added a section on this in the frequently asked questions, and am considering to add an override control to each page in a future version

[codeling]

@Goalfair I have added a separate issue to address your point 3 (see issue linked to above) to better be able to track this individual item. As for the other items, I currently don't see a need to do something (and would close the issue soon). Or do you have input on use cases for your point 1, or feedback on whether my answer to your point 2 is satisfactory?

[Goalfair]

Thanks for the reminder. Regarding the list of failed logins I am suggesting an option to delete these logs manually via the Joomla dashboard (without having to edit the database) - basically a button or similar on the same page as the list. The icing on the cake would be some additional settings like "delete entries which are older than X days" or "delete entries containing certain IP/username/source". But I guess this would be a bit too much. The advanced options with the auto-delete settings I have found, I guess this would allow me to manually delete entries as well, for example by setting it to 1 week temporarily, then changing it back to 0? Maybe instead of a dropdown you should allow the user to type a number. As you mentioned the "inline help" is disabled by default (should be enabled by default IMO).

Issue number 2 seems to be working (or I was missing something before), Issue number 3 is a suggestion to move the single setting (show lines), which is now in "Logs" to either "Settings" or Failed logins" (after all the list of failed login attempts is the "log" this setting is related to). I guess what I am trying to say is that in general the options and settings are a bit all over the place right now - most of them can be found in the plugin-settings, however there is no mention of their whereabouts in the component interface/menu (where an average user would probably look for them). Instead there is a settings menu item, which is mostly empty, and probably should either simply contain a link to the plugin settings or the plugin settings should be moved there.

[codeling]

Regarding the list of failed logins I am suggesting an option to delete these logs manually via the Joomla dashboard (without having to edit the database) - basically a button or similar on the same page as the list. The icing on the cake would be some additional settings like "delete entries which are older than X days" or "delete entries containing certain IP/username/source". But I guess this would be a bit too much.

I see. I guess a button to trigger a "delete entries older than..." functionality could be useful; as well as a pointer to the setting for automatic deletion of old entries!

The advanced options with the auto-delete settings I have found, I guess this would allow me to manually delete entries as well, for example by setting it to 1 week temporarily, then changing it back to 0?

I haven't explicitly tested this but it should work, yes.

Maybe instead of a dropdown you should allow the user to type a number.

I'll consider it for the rewrite, see below.

Issue number 3 is a suggestion to move the single setting (show lines), which is now in "Logs" to either "Settings" or Failed logins" (after all the list of failed login attempts is the "log" this setting is related to).

I think you are misunderstanding something there - the "Show lines" option under Logs really only affects how many lines of the log file are shown.

I guess what I am trying to say is that in general the options and settings are a bit all over the place right now - most of them can be found in the plugin-settings, however there is no mention of their whereabouts in the component interface/menu (where an average user would probably look for them). Instead there is a settings menu item, which is mostly empty, and probably should either simply contain a link to the plugin settings or the plugin settings should be moved there.

I hear you - and there is an issue for improving this, but I unfortunately haven't found the time yet to tackle it!

[codeling]

@Goalfair with the release of 1.5.1, the last open thing not covered by any other issue is a better way to clean up entries; to track this separately, and to avoid confusion that would occur if we reuse this already quite lenghty issue for that, I've created a separate entry for this, see #214. Feel free to comment if I've overlooked something!