Lock out users after too many failed login attempts

Frontend | Unresolved | 5 answers | 1407 views
一向 2021-01-04 06:57

I'm looking for the most elegant way to lock a Django user account after several failed login attempts.

\"What have I tried?\":

5 answers
  •  不知归路
    2021-01-04 07:16

    Create a model called "failed_logins" with two fields: a "User" field/foreign key and a "Timestamp" field.

    When a user successfully logs in, delete all "failed_logins" entries for that user.

    When a user unsuccessfully logs in, create an entry in "failed_logins" for that user with the current timestamp.

    On every login attempt for a given user, BEFORE checking whether the password is correct/incorrect:

    • run a query deleting all "failed_logins" entries older than 15 minutes (or w/e time period).

    • run a query checking the count of entries in failed_logins for the user attempting to log in. If it's 5, kill the login attempt, notifying the user they have been locked out of their account and to try back in a little while.

    Result: Users are locked out after 5 failed login attempts for a short while.
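
The procedure above as a runnable example (added here; it is not the answerer's code and not Django's). An in-memory dictionary stands in for the "failed_logins" table, a constructed user table with PBKDF2 hashes stands in for Django's `authenticate()`, and the `now` parameter is injected so the 15-minute window can be exercised without waiting. The threshold (5) and window (15 minutes) are the ones the answer gives; everything else (names such as `FailedLoginStore`, `attempt_login`, `demo_check_password`, the sample user `alice`) is assumed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, List, Optional

LOCKOUT_THRESHOLD = 5                  # failures that trigger the lock (from the answer)
LOCKOUT_WINDOW = timedelta(minutes=15)  # entries older than this are discarded (from the answer)


@dataclass
class FailedLoginStore:
    """Stand-in for the 'failed_logins' model: username -> list of failure timestamps.
    In Django this would be a model with a ForeignKey(User) and a DateTimeField."""
    entries: Dict[str, List[datetime]] = field(default_factory=dict)

    def prune(self, now: datetime) -> None:
        # "delete all failed_logins entries older than 15 minutes"
        cutoff = now - LOCKOUT_WINDOW
        for user, stamps in list(self.entries.items()):
            kept = [t for t in stamps if t > cutoff]
            if kept:
                self.entries[user] = kept
            else:
                del self.entries[user]

    def count(self, user: str) -> int:
        return len(self.entries.get(user, []))

    def record(self, user: str, now: datetime) -> None:
        self.entries.setdefault(user, []).append(now)

    def clear(self, user: str) -> None:
        self.entries.pop(user, None)


# --- constructed credential check, standing in for django.contrib.auth.authenticate() ---
_DEMO_SALT = b"demo-salt-not-for-production"


def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _DEMO_SALT, 100_000)


DEMO_USERS = {"alice": _hash("correct horse battery staple")}  # constructed sample user


def demo_check_password(username: str, password: str) -> bool:
    stored = DEMO_USERS.get(username)
    if stored is None:
        _hash(password)  # do the same work for unknown users so timing does not leak existence
        return False
    return hmac.compare_digest(stored, _hash(password))


def attempt_login(store: FailedLoginStore, username: str, password: str,
                  check_password: Callable[[str, str], bool],
                  now: Optional[datetime] = None) -> str:
    """Returns 'locked', 'ok' or 'failed', following the answer's order of operations:
    prune, count, and refuse BEFORE the password is ever checked."""
    if now is None:
        now = datetime.now(timezone.utc)
    store.prune(now)
    if store.count(username) >= LOCKOUT_THRESHOLD:
        return "locked"          # tell the user to try again in a little while
    if check_password(username, password):
        store.clear(username)    # success wipes the user's failure history
        return "ok"
    store.record(username, now)  # failure adds one timestamped entry
    return "failed"


if __name__ == "__main__":
    store = FailedLoginStore()
    t0 = datetime(2021, 1, 4, 6, 57, tzinfo=timezone.utc)
    for i in range(5):
        print(attempt_login(store, "alice", "wrong", demo_check_password, t0 + timedelta(seconds=i)))
    print(attempt_login(store, "alice", "correct horse battery staple", demo_check_password, t0 + timedelta(seconds=5)))
    print(attempt_login(store, "alice", "correct horse battery staple", demo_check_password, t0 + timedelta(minutes=16)))
```

Two points worth keeping in mind when moving this onto a real Django model: the prune-then-count step must run inside the same request as the password check, otherwise a burst of concurrent requests can slip past the counter; and because the key is the username alone, a lock can be triggered against an account by anyone who knows its name, so production deployments usually key on username plus source address or use a short, escalating lock rather than a fixed one.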
