Laravel Too Many Login Attempts: Restrict and Customize

One of the less-known Laravel features is Login throttling. By default, if user tries to log in via default Laravel login form more than 5 times per minute, they will get different error message.

Yes, the error isn’t just “wrong password”. It’s “Too many login attempts. Please try again in X seconds.”

By default, that X is 60, so Laravel restricts login attempts for one minute. But you can customize it.

In your app/Http/Controllers/Auth/LoginController.php, you can add two properties:

class LoginController extends Controller
    protected $maxAttempts = 3; // Default is 5
    protected $decayMinutes = 2; // Default is 1

    // ...

These properties will override the defaults, so you can specify less/more attempts allowed per minute, and shorter/longer restriction time.

Notice: The throttling is unique to the user’s username / e-mail address and their IP address.

Like our articles?
Check out our Laravel online courses!


  1. Hello! Thank you for the helpful information!
    Will this work for restricting too many Registration attempts? Any tips about this problem?


Please enter your comment!
Please enter your name here