Blocking access to the login page after three unsuccessful login attempts

Sometimes you need to add an extra protection to password-protected website. This article explains how access to the login page can be restricted after three unsuccessful login attempts. This schema uses visitors IP address to store log attempts in the database and block access to login feature for 30 minutes after third unsuccessful attempt.


1. In MSSQL/MySQL Server run the following script to create table in your database that logs login attempts.

MSSQL Server Query

MySQL Server Query

2. Open your ASPRunnerPro/PHPRunner project.

3. Proceed to Security tab.

4. Check Database option and choose appropriate fields. If you have no table in which all of the login details are stored you have to create it.

5. Add three global events on the Events tab: BeforeLogin, AfterSuccessfulLogin, AfterUnsuccessfulLogin:

ASPRunner Example

PHPRunner Example

6. Build your ASPRunnerPro/PHPRunner project and view generated files in your favourite browser.

Now, visitors have to enter their username and password to gain access to the site. After third unsuccessful login attempt access will be denied for 30 minutes. When visitor try to login when account is blocked he will see message saying access is denied.

Applies to:

  • ASPRunner.NET
  • PHPRunner
  • ASPRunnerPro

Back to top