Restrict Limit Too Many Login Attempts in Laravel

Are you concern that someone attempt login to get unauthorized in you app? this is a right place because today I am going to show you how can we block user doing attempts login in you application. Laravel can track attempt login which we can use this feature to prevent brute force attack your account credential.

One of  Laravel features is Login throttling, you can enabled and custom message error when user tries to login more than 5 times per minute, by default.

Restrict Limit Too Many Login Attempts

The below step I will show you how to set limit login attempt in Laravel.

• Option #1 - Set Rate Limit Attempt
• Behind the Scene
• Custom Error Message Attempts
• Option #2 - Middleware Attempt Filter

Noted: Well tested in Laravel 9

Option #1 - Set Rate Limit Attempt

Custom limit login within specific minute.

Open file App -> Http -> Controllers -> Auth -> LoginController.php

class LoginController extends Controller
{
    protected $maxAttempts = 3; // default is 5
    protected $decayMinutes = 2; // default is 1
    // ...
}

These properties means if user enter 3 times wrong email or password in a row, you will stuck with the message error login attempts.

Behind the Scene

If you want to know what's behind the scene? you can see the throttle trait where all the functions are declared. Okay let's go bottom then you will see those two functions. No modified is required

Open file vendor -> laravel -> ui -> auth-backend -> ThrottlesLogins.php

<?php
  
 /**
   * Get the maximum number of attempts to allow.
   *
   * @return int
   */

  public function maxAttempts()
  {
      return property_exists($this, 'maxAttempts') ? $this->maxAttempts : 5;
  }

  /**
   * Get the number of minutes to throttle for.
   *
   * @return int
   */

  public function decayMinutes()
  {
      return property_exists($this, 'decayMinutes') ? $this->decayMinutes : 1;
  }

Custom Error Message Attempts

You also can change to message error as well

Open file lang -> en -> auth.php

<?php

return [

    /*
    |--------------------------------------------------------------------------
    | Authentication Language Lines
    |--------------------------------------------------------------------------
    |
    | The following language lines are used during authentication for various
    | messages that we need to display to the user. You are free to modify
    | these language lines according to your application's requirements.
    |
    */

    'failed' => 'These credentials do not match our records.',
    'throttle' => 'Too many login attempts. Please try again in :seconds seconds.',

];

Option #2 - Middleware Attempt Filter

Another option you can set middleware to the specific login route as below example

Route::post("/admin/login",[LoginController::class,'login'])->middleware("throttle:5,2");

The separate value colum where will send 5 request in 2 minutes. Hope this short tutorial how to limit rate login attempts in Laravel help you. Have a nice day!!

You might also like...

• Get Columns Names from Model Class in Laravel

• Laravel Ajax GET Data Request Example

• How to Get, Set, Delete and Check Cookie in Laravel

• Laravel Query Eloquent whereBetween Example

• How to Install Tailwind CSS in Laravel 9 in 3 Ways

• Razorpay Payment Gateway Integration in Laravel