ionauth login maximum attempts implementation
It depends entirely on the design of your project, if it's some store or paid services provider, than you can think of implementing this and disallowing user to login for a minute or two, if it's your personal blog, I would suggest you not to implement this at all.
To force clear the attempts, if you need to, you can call
$this->ion_auth->clear_login_attempts($identity);and to block user from trying to log in, you can make an if statement
if(!is_max_login_attempts_exceeded($identity)) { // try to login}If you want to implement a captcha, you can change the if statement above to check if the captcha input was correct and use the code block above to make a decision whether to show captcha in your login form.
In any case, don't bother implementing this if you've never got brute forced before and if the information/actions that can be gathered/run by the hacker are not dangerous enough as it will simply annoy those, who simply forgot their password and try every password they have ever used before.