09 Apr 2018 Access is locked on Magento Connect Manager
As of Magento version 1.9.3, Magento have finally added brute force protection to the downloader folder.
As you may be aware, even if you have changed your default admin path ie to anything other that /admin Magento connection is still accessible at yourdomain.com/downloader.
The Fix
Magento have now added a similar feature into the core of magento. There is a new file in var/ called brute-force.ini which monitors login attempt to Magento Connect Manager.
brute-force-bad-attempts-count = 6 brute-force-diff-time-to-attempt = 360 brute-force-attempts-count = 3
If you see: “Access is locked. Please try again in a few minutes.” Reset the above line to:
brute-force-bad-attempts-count = 0
And you should be able to log in. We still recommend you remove or rename the downloader folder for more complete security.