Doesn't the install file check if the username/email matches the one on records for the installation domain at xenforo.com? That should be enough I would think. And then ask for password.
If failing to enter the username 1 or 2 times, issue a 1 hour lockout for the offender. Most browsers will have it stored in autocomplete once you enter it correctly once and ask it to save.
If failing to enter the username 1 or 2 times, issue a 1 hour lockout for the offender. Most browsers will have it stored in autocomplete once you enter it correctly once and ask it to save.
