Tutorials, PHP & MySQL, Laravel Framework

Laravel Limit Login Attempts

When using Laravel's Login system for authentication it has a default of 5 failed login attempts and a lockout time for 1 minute. I previously documented how to override this in Laravel earlier versions of Laravel add login throttling with custom login controller This however no longer works on Laravel 5.6 instead you can set public properties to set the maxAttempts and decayMinutes.

Put these in your LoginController:

/**
 * Set how many failed logins are allowed before being locked out.
 */
public $maxAttempts = 1;

/**
 * Set how many seconds a lockout will last.
 */
public $decayMinutes = 30;

The above would set the login attempts to be set at 1 and a lockout for 30 minutes.

David Carr

David Carr

For the past 12 years, I’ve been developing applications for the web using mostly PHP. I do this for a living and love what I do as every day there is something new and exciting to learn.

In my spare time, the web development community is a big part of my life. Whether managing online programming groups and blogs or attending a conference, I find keeping involved helps me stay up to date. This is also my chance to give back to the community that helped me get started, a place I am proud to be apart of.

Besides programming I love spending time with friends and family and can often be found together going out catching the latest movie, staying in playing games on the sofa or planning a trip to someplace I’ve never been before.