How do I disable brute force authentication security checks for specific IP addresses?
When you are getting the message You are currently not allowed to log in because you had too many failed logins, try again later.
it is because the Matomo brute force detection was triggered.
You can workaround this issue by whitelisting your IP address in Matomo > Administration > General Settings > Login, under the setting called « Never block these IPs from logging in ». If you enter your IP address in this field and then click Save, this will disable the brute force detector feature, and you shouldn’t get the error message « you are currently not allowed to log in » anymore.
For reference, here is what the Login settings look like:
Other options
If you cannot log in to make this change, try these things:
- connect to your Matomo using a different network (for example using your phone’s data)
- wait for an hour to be able to log in again
- or temporarily allow your own IP through the config file by adding below config to your
config/config.ini.php
. Please note this will overwrite any previously configured IP in the UI:
[Login]
whitelisteBruteForceIps[] = "EnterYourIpAddress"
To find the cause of the Brute Force detection blocking an IP, please see our FAQ: How do I find the cause of the Brute Force detection blocking access from a specific IP?