How to delay login attempts after too many tries (PHP)

Question

I\'m working on a fairly large web site built in PHP that will potentially have a lot of users. I\'m looking into a way to protect the login screen from automated attempts. I ha

Answer 1

Why don't you wait with "hardening" and "scaling" your app until you actually have that problem? Most likely scenario is that the app will never have "a lot of users". This sounds like premature optimization to me, something to avoid.

• Once you get bots abusing, harden the signup. I'd actually remove the captcha until you start getting > 1000 signups/day.
• Once you get performance problems, improve performance by fixing real bottlenecks.