Photo by Possessed Photography on Unsplash

TL;DR

  • Store the username, IP address, and the count of failed login attempts in your database.
  • Set a limit on how many times a user is allowed to fail to log in.
  • On every login request, check whether the number of failed login attempts exceeds the limit. If it does, block login requests for that username from that IP address for several minutes or hours.
  • Reset the count of failed login attempts when the user logs in successfully, when the block time limit has passed, or periodically, for example every hour.
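
The four steps above, put together as an added example (not the author's code). The table and column names, the limit of 5, the 15-minute block time, and the function names are assumptions; `password_ok` stands in for the real credential check.

```python
import sqlite3
import time

MAX_FAILURES = 5          # assumed limit of failed attempts
BLOCK_SECONDS = 15 * 60   # assumed block time

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    # One counter per (username, ip) pair, as the steps above describe.
    db.execute("""CREATE TABLE IF NOT EXISTS failed_logins (
        username TEXT NOT NULL, ip TEXT NOT NULL,
        failures INTEGER NOT NULL, last_failed REAL NOT NULL,
        PRIMARY KEY (username, ip))""")
    return db

def reset(db, username, ip):
    db.execute("DELETE FROM failed_logins WHERE username = ? AND ip = ?",
               (username, ip))
    db.commit()

def is_blocked(db, username, ip, now=None):
    now = time.time() if now is None else now
    row = db.execute("SELECT failures, last_failed FROM failed_logins "
                     "WHERE username = ? AND ip = ?", (username, ip)).fetchone()
    if row is None:
        return False
    failures, last_failed = row
    if now - last_failed >= BLOCK_SECONDS:
        reset(db, username, ip)   # block time has passed: start counting again
        return False
    return failures > MAX_FAILURES

def record_failure(db, username, ip, now=None):
    now = time.time() if now is None else now
    # Upsert keeps the read-modify-write in one statement (SQLite 3.24+).
    db.execute("INSERT INTO failed_logins VALUES (?, ?, 1, ?) "
               "ON CONFLICT(username, ip) DO UPDATE SET "
               "failures = failures + 1, last_failed = excluded.last_failed",
               (username, ip, now))
    db.commit()

def login(db, username, ip, password_ok, now=None):
    # The block check runs before the credential check, so a blocked
    # pair is rejected even when the submitted password is correct.
    if is_blocked(db, username, ip, now):
        return "blocked"
    if password_ok:
        reset(db, username, ip)   # successful login clears the counter
        return "ok"
    record_failure(db, username, ip, now)
    return "failed"
```

Attempts rejected as blocked are not counted, so the block ends a fixed time after the last counted failure rather than being extended by further requests.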

Definition

Alif Ramdani

Software Engineer | Content Creator | Entrepreneur
