Wiki Spaces


Get Help from Others

Q&A: Ask OpenMRS
Discussion: OpenMRS Talk
Real-Time: IRC Chat | Slack


Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  • Users are locked out of OpenMRS for 30 5 minutes after 7 incorrect password attempts.
    • Number of attempts and last attempted time are stored as a user property. The Edit User administration page will allow you to edit the current user's properties. (Alternatively, you can clear the rows in the user_property table for that user. Since OpenMRS v1.10 the number of allowed failed login attempts can be set using the security.allowedFailedLoginsBeforeLockout global property found under Settings->Security section of the web application
  • IP addresses are locked out after 10 username/password attempts.
    • The number of attempts per IP are left in memory on the server in the LoginServlet. Restart OpenMRS to clear this variable.