Limiting Login Attempts


Is there a way to limit the number of login attempts made by a user? Conscious at present there is no limit to the number of login attempts users can make, opening up the risk of brute force attacks.

Ideally I want users to be able to have 3 login attempts and if they fail 3 consecutive times, have to wait e.g. 10 mins before they can try again. Currently unsure how this can be done in bubble.

Anyone know how to do this?

I suppose you could log the number of tries, and when it has logged as failed 3x, you put a flag on the user’s email, that removes itself after current time +10min.

And if the user’s email is flagged, you don’t let that particular email log in of course. :slight_smile:

If you want to block attempts even if the email does not exist, I’m pretty sure there is a way to get a visitor’s public address IP and use that to block it.

Yeah, IP would be a better way to do it. Otherwise you’re giving away if the email exist or not. Which would narrow it down for a hacker, and you probably don’t want that.

Hi casheets123, i didn’t undesrtand your reply beacause i have the same problem. I would like to limit log in attemps but don’t know how to do. Please if you can explain with more detail

This topic was automatically closed after 70 days. New replies are no longer allowed.