How to limit failed login attempts on Laravel Auth?

Did you know that Laravel Auth program allows you to prevent the customer after X bad tries to log in? Even more, you can modify that limit!

Open App\Http\Controllers\Auth\AuthController.php and add these lines:

Now after five failed login attempts, we should see:

By default, those parameters are equal to 5 times and 60 seconds respectively and can be modified according to the need of the project.

To change the error message we see, go to resources/lang/en/auth.php.

If you’re curious how it works, it’s simple, information about blocked users and the remaining time is stored in session data, not in database or cookies.

Leave a Reply

Your email address will not be published. Required fields are marked *