PHPackages mralston/lockout - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. mralston/lockout ActiveLibrary[Authentication & Authorization](/categories/authentication) mralston/lockout ================ Locks user accounts after a set number of failed login attempts. v1.0.15(1y ago)1473↓50%MITPHPPHP ^7.4|^8.0CI failing Since Oct 28Pushed 1y ago1 watchersCompare [ Source](https://github.com/mralston/lockout)[ Packagist](https://packagist.org/packages/mralston/lockout)[ Docs](https://github.com/mralston/lockout)[ GitHub Sponsors](https://github.com/mralston)[ RSS](/packages/mralston-lockout/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (10)Dependencies (4)Versions (17)Used By (0) Lockout ======= [](#lockout) Locks user accounts and IP addresses after repeated failed login attempts. [![Latest Version on Packagist](https://camo.githubusercontent.com/4067c316971159d3d6a991e158e904fbb82acd820ea4f96c51cf8c33aff35893/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6d72616c73746f6e2f6c6f636b6f75742e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/mralston/lockout)[![GitHub Tests Action Status](https://camo.githubusercontent.com/62ae77853770114718fb300078a1e651b671bb7e0b59422cdd6e8a6ef7b212a3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f776f726b666c6f772f7374617475732f6d72616c73746f6e2f6c6f636b6f75742f72756e2d74657374733f6c6162656c3d7465737473)](https://github.com/mralston/lockout/actions?query=workflow%3Arun-tests+branch%3Amain)[![GitHub Code Style Action Status](https://camo.githubusercontent.com/ea2079862f4d80211c1d2dd534bcf8f812329b6b758bcba7b015cdb34f20188b/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f776f726b666c6f772f7374617475732f6d72616c73746f6e2f6c6f636b6f75742f436865636b253230262532306669782532307374796c696e673f6c6162656c3d636f64652532307374796c65)](https://github.com/mralston/lockout/actions?query=workflow%3A%22Check+%26+fix+styling%22+branch%3Amain)[![Total Downloads](https://camo.githubusercontent.com/11492023c8e2c9daa1f071691427a4f962e16719bf407f3441c8b612d17f84c1/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6d72616c73746f6e2f6c6f636b6f75742e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/mralston/lockout) --- Installation ------------ [](#installation) You can install the package via composer: ``` composer require mralston/lockout ``` You can publish and run the migrations with: ``` php artisan vendor:publish --provider="Mralston\Lockout\LockoutServiceProvider" --tag="lockout-migrations" php artisan migrate ``` You can publish the config file with: ``` php artisan vendor:publish --provider="Mralston\Lockout\LockoutServiceProvider" --tag="lockout-config" ``` This is the contents of the published config file: ``` return [ 'max_attempts_user' => env('MAX_LOGIN_ATTEMPTS_USER', 10), 'max_attempts_ip' => env('MAX_LOGIN_ATTEMPTS_IP', 20), 'lockout_duration_user' => env('LOCKOUT_DURATION_USER', 15 * 60), 'lockout_duration_ip' => env('LOCKOUT_DURATION_IP', 60 * 60 * 24 * 7), ]; ``` Basic Usage ----------- [](#basic-usage) The package will automatically block a user account or IP address after too many failed attempts within the specified time interval. `MAX_LOGIN_ATTEMPTS_USER` determines how many failed logins should be permitted for a specific user before being locked out. `MAX_LOGIN_ATTEMPTS_IP` determines how many failed logins should be permitted from a specific IP address before being locked out. `LOCKOUT_DURATION_USER` determines how long a user account should be locked for. Set to zero or null for a permanent ban. `LOCKOUT_DURATION_IP` determines how long an IP address should be locked for. Set to zero or null for a permanent ban. Unlocking Users & IP addresses ---------------------------------- [](#unlocking-users--ip-addresses) A locked user account or IP address can be manually unlocked using the following commands: ``` php artisan lockout:unlock --user=123 php artisan lockout:unlock --email=somebody@example.com php artisan lockout:unlock --ip=1.2.3.5 ``` Maintenance ----------- [](#maintenance) Stale records of failed authentication attempts can be pruned with the following command, which can be run manually or through the scheduler: ``` php artisan lockout:prune ``` Changelog --------- [](#changelog) Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently. Contributing ------------ [](#contributing) Please see [CONTRIBUTING](.github/CONTRIBUTING.md) for details. Security Vulnerabilities ------------------------ [](#security-vulnerabilities) Please review [our security policy](../../security/policy) on how to report security vulnerabilities. Credits ------- [](#credits) - [Matt Ralston](https://github.com/mralston) - [All Contributors](../../contributors) License ------- [](#license) The MIT License (MIT). Please see [License File](LICENSE.md) for more information. ### Health Score 38 — LowBetter than 85% of packages Maintenance50 Moderate activity, may be stable Popularity18 Limited adoption so far Community7 Small or concentrated contributor base Maturity63 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~86 days Recently: every ~323 days Total 16 Last Release 366d ago ### Community Maintainers ![](https://avatars.githubusercontent.com/u/248387?v=4)[Matt](/maintainers/mralston)[@mralston](https://github.com/mralston) --- Top Contributors [![mralston](https://avatars.githubusercontent.com/u/248387?v=4)](https://github.com/mralston "mralston (18 commits)") --- Tags laravellockoutmralston ### Embed Badge ![Health badge](/badges/mralston-lockout/health.svg) ``` [![Health](https://phpackages.com/badges/mralston-lockout/health.svg)](https://phpackages.com/packages/mralston-lockout) ``` ### Alternatives [tymon/jwt-auth JSON Web Token Authentication for Laravel and Lumen 11.5k49.1M350](/packages/tymon-jwt-auth)[laravel/passport Laravel Passport provides OAuth2 server support to Laravel. 3.4k85.0M532](/packages/laravel-passport)[php-open-source-saver/jwt-auth JSON Web Token Authentication for Laravel and Lumen 8359.8M53](/packages/php-open-source-saver-jwt-auth)[laragear/two-factor On-premises 2FA Authentication for out-of-the-box. 339785.3k8](/packages/laragear-two-factor)[laravel/pulse Laravel Pulse is a real-time application performance monitoring tool and dashboard for your Laravel application. 1.7k12.1M99](/packages/laravel-pulse)[roots/acorn Framework for Roots WordPress projects built with Laravel components. 9682.1M97](/packages/roots-acorn) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)