Block request for multiple unsuccessful logins for a period of time

Question

I have a web site and I want to block request from BOTs and attempt brute force login to my web site.

Now I\'m using Session for storing lo

Answer 1

The easiest would be to front your solution with a CDN provider such as cloudflare (https://www.cloudflare.com/features-security) that will detect bots for you. Lots of the CDNs offer this, and cloudflare have a free tariff.

Alternatively if you are attempting to do this yourself, then you can count the number of attempts per username in your database and present a captcha based on this count.