Laravel Too Many Login Attempts: Restrict and Customize

One of the less-known Laravel features is Login throttling. By default, if user tries to log in via default Laravel login form more than 5 times per minute, they will get different error message.

Yes, the error isn’t just “wrong password”. It’s “Too many login attempts. Please try again in X seconds.”

By default, that X is 60, so Laravel restricts login attempts for one minute. But you can customize it.

In your app/Http/Controllers/Auth/LoginController.php, you can add two properties:

class LoginController extends Controller
    protected $maxAttempts = 3; // Default is 5
    protected $decayMinutes = 2; // Default is 1

    // ...

These properties will override the defaults, so you can specify less/more attempts allowed per minute, and shorter/longer restriction time.

Notice: The throttling is unique to the user’s username / e-mail address and their IP address.

Like our articles?
Check out our Laravel online courses!



Please enter your comment!
Please enter your name here