Matt Stauffer has a new tutorial out on the new Login Throttling feature in 5.1. This post is a continuation of his new features in Laravel 5.1 series.
He starts talking about why login throttling is needed:
If you’ve ever run a SaaS (or put any web site with comments or signups on the Internet for any length of time), you’ve experienced the annoyance of spam signups and comments.
But, whether or not you know it, any login forms are likely to get a lot of automated login attempts. Most login forms don’t stop an automated attack trying email after email, password after password, and since those aren’t being logged, you might not even know it’s happening.
The best solution to something like this is to halt a user from attempting logins after a certain number of failed attempts. This is called login throttling, or rate limiting.
Then jumps into how to set it up and finishes by explaining how Laravel’s
ThrottlesLogins trait works.