"Rate limit exceeded" error message when log in


One of my customer try to connect to a Kirby 3.6 website I’ve made recently and he get a “Rate limit exceeded” error message.

I do not have this problem from my computer.

If he tries to connect with a wrong login/psw, is it an expected error message after several attempts?

Does anyone have a possible explanation?

This message is thrown in 2locations, in the validateEmail() method and in the verifyChallenge() method. Since your customer is loggin in with email, not with code, I assume it comes from the validateEmail() method when the IP is blocked after too many attempts to log in.

Yep, Kirby limits login attempts by IP address and by email address. This is also why you don’t get the same error from your IP address and with your email address.

You can reset the rate limit by deleting the site/accounts/.logins file on the server.

Thanks @texnixe and @lukasbestle for these explanations. I think my customer tried to connect with a wrong log/psw, I will check closer with him.

i don’t see a .logins file. is there another way to reset the ‘Rate limit exceeded’ error?

The tries are only stored in the .logins file. Because its filename starts with a dot, it may be hidden. Please check if you enabled the display of hidden files.

all i see in the site/accounts are the individual account folders, no .logins file. i can see other files that start with a dot (eg: .htaccess) so i know that’s not the issue. my client is running into this same ‘Rate limit exceeded’ error and i need to reset it.


fyi, i’m running Kirby version 3.6.2 if that’s helpful

i refreshed the directory listing and sure enough, the .logins file appeared. not sure what happened. thanks for your response!