.htaccess and stop the password tries

searain

To improve the security and stop the password tries in the .htaccess protected folder, HOW can I disable a .htpasswd user if in a short time, this user's password has been typed in wrong for 10 times?

HalfaBee

You could make the unathorised page a php script and keep track of errors from there.
Rename the .htpasswd file and that will lock down the page.

HalfaBee

searain

Will that be easy if I just forget the .htaccess and .htpasswd?

I can create my own user database to hold the user id and password, and check the password and user id (cookie and session to pass the password and user id values) at every page of the protected folder.

Then I can program easily to check to see if certain user id has been tried several times in a short time. So the program page can disable that user and also alert the server master by sending out an e-mail. At the same time, the user could be alerted that his user id is disabled due to so many failed tries on screen or by e-mail too.

And in that user database, I can encrypt the password to be safe.

Will this approach be better than the .htaccess and .htpasswd? Which approach is safer, or at least no difference?

Could any one give some other approaches?

Thanks!