One of the less-known Laravel features is Login throttling. By default, if user tries to log in via default Laravel login form more than 5 times per minute, they will get different error message.
Yes, the error isn’t just “wrong password”. It’s “Too many login attempts. Please try again in X seconds.”
By default, that X is 60, so Laravel restricts login attempts for one minute. But you can customize it.
In your app/Http/Controllers/Auth/LoginController.php, you can add two properties:
class LoginController extends Controller
{
protected $maxAttempts = 3; // Default is 5
protected $decayMinutes = 2; // Default is 1
// ...
}
These properties will override the defaults, so you can specify less/more attempts allowed per minute, and shorter/longer restriction time.
Notice: The throttling is unique to the user’s username / e-mail address and their IP address.
thank you. It was really helpful
Hello! Thank you for the helpful information!
Will this work for restricting too many Registration attempts? Any tips about this problem?
Hi Sir how about if 3x failed login the user will be blocked.