How to Set Limit Login Attempts in Laravel 8

Hey Artisan

Did you know that you can block user after doing bad attempts to log in. if you don't know then you are a right place. Today i am going to show you how we can block user after doing some bad attempts to log in.

You can change that limit as you want. If you want to do laravel custom login throttling, then do it. It is very simple. You can change limit login attemps from the throttle trait also. 

One of the less-known Laravel features is Login throttling. By default, if user tries to log in via default Laravel login form more than 5 times per minute, they will get different error message.

So let's see how we can set limit login attempts in laravel. We also see the laravel login throttling class to know about laravel throttling and how it works.


protected $maxAttempts = 1; // Default is 5
protected $decayMinutes = 1; // Default is 1


Now after adding this two lines of code if you want to login after doing one time, it will show you such kind of error messages. See the below images



Now if you want to know that how its works then you can see the throttle trait where all the functions are declared. Open the from following directory and go bottom then you will see those two below method.


     * Get the maximum number of attempts to allow.
     * @return int

    public function maxAttempts()
        return property_exists($this, 'maxAttempts') ? $this->maxAttempts : 5;

     * Get the number of minutes to throttle for.
     * @return int

    public function decayMinutes()
        return property_exists($this, 'decayMinutes') ? $this->decayMinutes : 1;


Recommended: Laravel Suspicious Logins Attempt Detector Example


You can change the default value from this throttle trait or you can add those above both line in your login controller. Hope you will understand.

One more thing. If you would like to change the default error message then you can also change it like below.


return [

    | Authentication Language Lines
    | The following language lines are used during authentication for various
    | messages that we need to display to the user. You are free to modify
    | these language lines according to your application's requirements.

    'failed' => 'These credentials do not match our records.',
    'throttle' => 'Too many login attempts. Please try again in :seconds seconds.',



Now you can change this message what you want. Hope it can help you. You can also add middleware like below



Read also : Create Your Own Multilevel Nested Comments System in Laravel


Where it will send 10 request per 2 minute. Hope this too many login attempts tutorial will help you to know something new things.

If you’re curious how it works, it’s very simple: login attempts information about blocked users and remaining time is stored in session data. Not cookies, in session.


Facebook Github
A web enthusiastic, a self-motivated full-stack software engineer from Dhaka, Bangladesh with experience in developing applications using Laravel , React and Vue js