WHMCS allows you to ban IP addresses and email domains. You can also configure automatic bans for users who exceed the maximum number of failed login attempts.

• You can view and manage the list of banned IP addresses at Configuration () > System Settings > Banned IPs.
• You can view and manage the list of banned email domains at Configuration () > System Settings > Banned Emails.

Auto Ban Control

By default, WHMCS blocks any user IP addresses that attempt to log in to the Admin Area using an incorrect password three or more times. The length of this ban, by default, is 15 minutes.

You can alter the length of this ban in the Security tab at Configuration () > System Settings > General Settings.