Articles on: Getting Started (WebPro)

How to integrate Login Protection in PHP websites?

If you're using a CMS such as WordPress, OpenCart, Magento, Prestashop etc. then the Login Protection module is already enabled, and there is nothing you have to do. However, if you are using a custom PHP website, or use a framework such as Laravel, Symfony etc. then you will have to integrate the Login Protection module by adding a few lines of code to your website.

Before making the following changes, please ensure that you have entered the Activation Code in the Website Protection plugin page.

Step 1 - Find the Login Controller in your application

Find the PHP file where the logic for Admin User Login is written, and add the following PHP function to it. If you are not using Object-oriented programming (Classes) then you will have to update the code accordingly.

Don't forget to update the path to your Astra installation (with trailing slash) in the $astraCorePath variable.

private function updateAdminLoginStatus($data)

    $astraCorePath = 'replace this with the path to getastra-premium folder' . DIRECTORY_SEPARATOR;
    if (file_exists($astraCorePath . DIRECTORY_SEPARATOR . 'autoload.php'))
        $astraLoginPluginPath = $astraCorePath . 'plugins/LoginProtectionPlugin/LoginProtectionPlugin.php';
        if (!class_exists('LoginProtectionPlugin') && file_exists($astraLoginPluginPath))
            include_once $astraLoginPluginPath;

        $options = $this
        $siteSettings = $options->get('siteSettings');

        if (!$siteSettings)

        $astraEnabled = $siteSettings['protectionEnabled'] ?? false;
        $loginProtectionEnabled = $siteSettings['loginProtection'] ?? false;

        if ($astraEnabled && $loginProtectionEnabled)
            $this->astraLoginModule = new LoginProtectionPlugin($this->astraContainer);

Step 2 - Add code to capture Successful Logins

Now find the code where the login has been verified, and the user is successfully logged in. Add the following code snippet, after setting the correct variables for the username, email, full name.

    'success' => true,
    'username' => $username,
    'email' => $email,
    'displayName' => $fullName,

Step 3 - Add code to capture Failed Logins

Now find the code where it is determined that the login has failed. Add the following code snippet, after setting the correct variables for the email.

    'success' => false,
    'username' => $email,

Step 4 - Verify Changes

After making these changes, please try to perform a successful & failed login attempt on your website and verify that they are visible on the Login Protection tab in the Astra Dashboard for the respective website.

Updated on: 25/07/2022

Was this article helpful?

Share your feedback


Thank you!