Roundcube plugin that enforces reCAPTCHA for users that have too many failed logins
PHP CSS JavaScript


Rouncube rcguard plugin

This plugin logs failed login attempts and requires users to go through
a reCAPTCHA verification process when the number of failed attempts
reaches a pre-defined limit. This provides protection against automated

Failed attempts are logged by IP and stored within the database. IPs are
also released after a specific amount of time or when a user
successfully logs in.

Place this directory under plugins/, and enable rcguard within the main
configuration file.

Copy to and modify as necessary.

Use the files within SQL/ to create the database layout required for
rcguard. The table should be created in the database used by Roundcube.

Please note that this plugin requires reCAPTCHA keys to work properly.
They can be obtained from

Customizing reCAPTCHA
Different themes and translations are available. If none of them fit
your needs, create a custom one.

Simply edit rcguard.js. For documentation, see:

Supported databases
- PostgreSQL
- SQLite

This plugin is distributed under the BSD license. Please see rcguard.php
for the complete license.

This plugin also contains a PHP library for reCAPTCHA that is
distributed under its own license. See the file for exact details.

For bugs and other problems, please create an issue on GitHub
( and include relevant information
such as Roundcube and rcguard versions as well as the database you are
using. Turning on logging for rcguard may also produce useful output.

Comments and suggestions are welcome.