How can I lockout login for 5 minutes if 5 bad attempts are made
#1

Hello,
I'm trying to lock the login for 5 minutes if 5 bad attempts are made in a row to help deter brute force hackers. Does anyone have any methods they usually use in CodeIgniter? Thanks!
#2

I would highly recommend that you use a reputable Auth library for CodeIgniter instead of building something by yourself. There is a lot of security to think of, and it is easy to miss things if you don't know exactly what you are doing.

I recommend Ion Auth, it is one of the best auth libraries for CI. It also includes the lockout functionality that you are looking for.
#3

Thanks, I will look into that!
#4

(This post was last modified: 03-04-2015, 04:42 PM by alexandervj.)

Are there any other things you recommend to make the login/site secure?
#5

Some basics and things I always recommend for basic security
  • Good Auth Library (as I recommended above)
  • Required user account activation/validation via email
  • Lockout functionality
  • Enforce strong user passwords (min 8 chars, with min 2 numeric)
  • Use a CSRF token for ALL user-submitted forms.
  • As always, validate ALL data submitted by users.
  • HTTPS on all requests
  • Never use one login for admins, they should have their own personal login (if you have a CMS)

And if you want to go all the way
  • Deny any sort of iframing of your site by setting the X-Frame-Options header: https://developer.mozilla.org/en-US/docs...me-Options
  • Turn on secure cookies (available in the CI config)
  • Turn on HTTP cookies only (but be aware this will make the cookie unavailable for JS) (available in the CI config)
  • Enforce extreme user passwords (min 8 chars, min 2 lower, 2 upper, 2 numeric, 2 special char)

That is what I can think of atm, but it is late here so I will update if I can come up with anything else another day.
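The 5-attempts / 5-minute lockout asked about at the top of this thread, as an added example that is not part of any post here and is not Ion Auth's or CodeIgniter's code. It is plain PHP with PDO; the `LoginThrottle` class, the `login_throttle` table and the demo account are hypothetical.

```php
<?php
// Added illustration (plain PHP + PDO); LoginThrottle and login_throttle are hypothetical names.
final class LoginThrottle
{
    const MAX_FAILS = 5;      // bad attempts in a row before locking
    const LOCK_SECONDS = 300; // 5 minutes
    private $db;
    public function __construct(PDO $db)
    {
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $db->exec('CREATE TABLE IF NOT EXISTS login_throttle (identity TEXT PRIMARY KEY, fails INTEGER NOT NULL, locked_until INTEGER NOT NULL)');
        $this->db = $db;
    }
    // Seconds left on the lock; when > 0, reject without checking the password.
    public function secondsLocked($identity, $now)
    {
        $row = $this->row($identity);
        return max(0, (int) $row['locked_until'] - $now);
    }
    // Call after a wrong password, whether or not the account exists.
    public function recordFailure($identity, $now)
    {
        $row = $this->row($identity);
        $fails = (int) $row['fails'] + 1;
        $until = (int) $row['locked_until'];
        if ($fails >= self::MAX_FAILS) {
            $until = $now + self::LOCK_SECONDS;
            $fails = 0; // a new streak starts once the lock expires
        }
        $this->db->prepare('REPLACE INTO login_throttle VALUES (?, ?, ?)')
                 ->execute(array(strtolower($identity), $fails, $until));
    }
    // Call after a correct password: "in a row" means success clears the streak.
    public function recordSuccess($identity)
    {
        $this->db->prepare('DELETE FROM login_throttle WHERE identity = ?')->execute(array(strtolower($identity)));
    }
    private function row($identity)
    {
        $st = $this->db->prepare('SELECT fails, locked_until FROM login_throttle WHERE identity = ?');
        $st->execute(array(strtolower($identity)));
        $row = $st->fetch(PDO::FETCH_ASSOC);
        return $row ? $row : array('fails' => 0, 'locked_until' => 0);
    }
}
// Constructed demo: in-memory SQLite, fixed clock, made-up account name.
$t = new LoginThrottle(new PDO('sqlite::memory:'));
for ($i = 0; $i < 5; $i++) { $t->recordFailure('Alice@example.test', 1000 + $i); }
var_dump($t->secondsLocked('alice@example.test', 1010), $t->secondsLocked('alice@example.test', 1400));
```

Keying the counter on the account alone lets anyone keep a known user locked out by submitting bad passwords, so consider keying on account plus client IP. The read-then-write in `recordFailure` is not atomic; wrap it in a transaction if logins arrive concurrently.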



