By default SuiteCRM has login throttling enabled to trigger after 3
failed attempts.
If the user fails to login that number times in a row, a message will be displayed explaining that the max number of attempts has been reached. The user will have to wait at least a minute before they can try to login again.
The number of attempts is configured on the LOGIN_THROTTLING_MAX_ATTEMPTS
.env property, which can be changed on the .env.local.
SuiteCRM is using Symfony’s login throttling mechanism. For more options and ways to configure see Symfony Security - Limiting Login Attempts section
Content is available under GNU Free Documentation License 1.3 or later unless otherwise noted.