Pray that Cloudflare handled it
Keep a counter of bad login attempts right where salted hash of the password is kept. When checking against a given password, check that counter too. If it exceeds a certain threshold, don't let the login attempt to go through. Keep a timestamp too if the functionality has to be restored.
what if the login requests use a new username every time too
Gg. IP address based counting will be needed then.
this is also bad for another reason
or use Google/Microsoft/Apple sign-in
Обсуждают сегодня