Laravel - Authentication - Login Throttling
If you are using the Laravel Breeze or Laravel Jetstream starter kits, rate limiting will automatically be applied to login attempts. By default, the user will not be able to login for one minute if they fail to provide the correct credentials after several attempts. The throttling is unique to the user's username / email address and their IP address.
If you would like to rate limit other routes in your application, check out the rate limiting documentation.