Brute force attacks: enable CAPTCHA
Enable and configure modules as required:
CAPTCHA/honeypot can be enabled on:
- public forms, e.g. the contact form
- login form (after a set number of failed attempts)
- forgotten password form
NOTE:
- a honeypot is very weak at stopping spammers who use click-farms and actual humans
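One way to implement the login-form rule above (CAPTCHA only after a set number of failed attempts), as an added example that is not part of the original page or of any module's code. The class name, threshold, time window and sample addresses are assumptions; counters are kept in memory, per username and per source IP.

```python
import time
from collections import deque


class CaptchaGate:
    """Hypothetical helper: decides when the login form must show a CAPTCHA."""

    def __init__(self, max_failures=3, window_seconds=900, clock=time.monotonic):
        self.max_failures = max_failures  # assumed threshold
        self.window = window_seconds      # assumed sliding window
        self.clock = clock
        self._failures = {}               # key -> deque of failure timestamps

    @staticmethod
    def _keys(username, ip):
        # Count per account and per source address: one IP trying many
        # accounts and many IPs trying one account both hit the threshold.
        return (("user", username.strip().lower()), ("ip", ip))

    def _recent(self, key):
        q = self._failures.get(key)
        if q is None:
            return 0
        cutoff = self.clock() - self.window
        while q and q[0] <= cutoff:       # drop failures outside the window
            q.popleft()
        if not q:
            del self._failures[key]       # keep the table from growing forever
        return len(q)

    def captcha_required(self, username, ip):
        return any(self._recent(k) >= self.max_failures
                   for k in self._keys(username, ip))

    def record_failure(self, username, ip):
        now = self.clock()
        for key in self._keys(username, ip):
            self._failures.setdefault(key, deque()).append(now)

    def record_success(self, username, ip):
        # Reset only the account counter. The IP counter ages out on its own,
        # so one valid login does not clear a source that is guessing widely.
        self._failures.pop(self._keys(username, ip)[0], None)


if __name__ == "__main__":
    gate = CaptchaGate()
    for _ in range(3):                    # constructed sample attempts
        gate.record_failure("alice", "203.0.113.5")
    print(gate.captcha_required("alice", "198.51.100.9"))
```

The login handler calls `captcha_required()` before rendering the form and must verify the CAPTCHA response server-side whenever it returns true.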
Ref:
- OWASP: Authentication cheat sheet (brute force/spam): https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html#captcha
Edited by Janna