How do I add rate limiting to a Livewire action like a form submission?

Use the `@rateLimited` directive on your Livewire method or wrap it with the `withRateLimiting()` helper. For example, add `@rateLimited('submit-form', maxAttempts: 5, decaySeconds: 10)` above your `submitForm()` method. This integrates with Laravel’s RateLimiter for consistent throttling.

Does this package work with Laravel 10 and Livewire 3.x?

Yes, **danharrin/livewire-rate-limiting** is designed for Laravel 10+ and Livewire 3.x. If you’re using older versions, you may need to upgrade to leverage its full feature set, including Livewire 3’s action system optimizations.

Can I customize the rate limit keys (e.g., per user, per IP, or per session)?

Absolutely. The package supports custom keys via Laravel’s RateLimiter. Use `Cache::tags()` or define a custom resolver in your `RateLimiter` configuration to apply limits per user, IP, or session dynamically.

What happens when a user exceeds the rate limit? Does it break the Livewire component?

By default, the package throws a `TooManyRequestsException`, which you can catch in your Livewire component to show a user-friendly message (e.g., 'Too many attempts. Please wait.'). You can also customize this behavior via exceptions or return a JSON response.

Will this package slow down my Livewire components in production?

The performance impact is minimal since it leverages Laravel’s caching layer (Redis recommended). However, high-concurrency actions may require a dedicated cache instance or sharding to avoid bottlenecks. Test under load to ensure responsiveness.

Can I use this for login attempts or password reset requests?

Yes, it’s ideal for securing sensitive actions like login attempts or password resets. Configure strict limits (e.g., 5 attempts per 5 minutes) and pair it with Laravel’s `ThrottlesLogins` trait for added security.

How do I test rate-limited Livewire actions in PHPUnit?

Mock Laravel’s `RateLimiter` facade in your tests to simulate exceeded limits. Use `RateLimiter::for('key')->hit()` to trigger throttling, then verify your component’s response or exception handling. For Livewire-specific tests, use `Livewire::test()` to simulate user interactions.

Is there a way to log rate-limit events for abuse detection?

Yes, extend the package by listening to Laravel’s `illuminate.events.throttled` event or log manually via `Log::channel('rate-limits')->info()`. This helps track suspicious activity or monitor usage patterns.

Can I apply rate limiting to all actions in a Livewire component at once?

Not directly, but you can create a base component with a `boot()` method that applies rate limiting to all actions dynamically. Use middleware-like logic or a trait to wrap methods, though this requires careful handling of Livewire’s lifecycle.

What are the alternatives to this package for Livewire rate limiting?

Alternatives include Laravel’s built-in `throttle` middleware (for HTTP routes) or custom Livewire middleware. However, this package is specialized for Livewire actions, offering tighter integration, per-action granularity, and seamless exception handling without HTTP overhead.

Weave Code

Code Weaver

Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.

Livewire Rate Limiting Laravel Package

danharrin/livewire-rate-limiting

Add rate limiting to Laravel Livewire actions to stop spam and brute-force clicks. Configure limits per component or method, with customizable keys, decay times, and responses when limits are exceeded—simple protection that feels native to Livewire.

Deep Wiki

Context7

danharrin/livewire-rate-limiting adds simple, configurable rate limiting to Laravel Livewire components to protect actions like form submissions, searches, and button clicks from abuse. It integrates with Laravel’s native RateLimiter so you can apply consistent throttling rules without leaving your component code.

Use it to prevent rapid-fire requests, reduce server load, and improve UX by handling throttled states gracefully while keeping your Livewire interactions responsive.

Add per-action or per-component throttling to Livewire methods
Leverage Laravel’s built-in RateLimiter and cache drivers
Customize keys, limits, and decay times for different interactions
Handle exceeded limits with clean exceptions or user-friendly responses
Ideal for login attempts, contact forms, voting, and search inputs

Frequently asked questions about Livewire Rate Limiting

How do I add rate limiting to a Livewire action like a form submission?: Use the `@rateLimited` directive on your Livewire method or wrap it with the `withRateLimiting()` helper. For example, add `@rateLimited('submit-form', maxAttempts: 5, decaySeconds: 10)` above your `submitForm()` method. This integrates with Laravel’s RateLimiter for consistent throttling.
Does this package work with Laravel 10 and Livewire 3.x?: Yes, **danharrin/livewire-rate-limiting** is designed for Laravel 10+ and Livewire 3.x. If you’re using older versions, you may need to upgrade to leverage its full feature set, including Livewire 3’s action system optimizations.
Can I customize the rate limit keys (e.g., per user, per IP, or per session)?: Absolutely. The package supports custom keys via Laravel’s RateLimiter. Use `Cache::tags()` or define a custom resolver in your `RateLimiter` configuration to apply limits per user, IP, or session dynamically.
What happens when a user exceeds the rate limit? Does it break the Livewire component?: By default, the package throws a `TooManyRequestsException`, which you can catch in your Livewire component to show a user-friendly message (e.g., 'Too many attempts. Please wait.'). You can also customize this behavior via exceptions or return a JSON response.
Will this package slow down my Livewire components in production?: The performance impact is minimal since it leverages Laravel’s caching layer (Redis recommended). However, high-concurrency actions may require a dedicated cache instance or sharding to avoid bottlenecks. Test under load to ensure responsiveness.
Can I use this for login attempts or password reset requests?: Yes, it’s ideal for securing sensitive actions like login attempts or password resets. Configure strict limits (e.g., 5 attempts per 5 minutes) and pair it with Laravel’s `ThrottlesLogins` trait for added security.
How do I test rate-limited Livewire actions in PHPUnit?: Mock Laravel’s `RateLimiter` facade in your tests to simulate exceeded limits. Use `RateLimiter::for('key')->hit()` to trigger throttling, then verify your component’s response or exception handling. For Livewire-specific tests, use `Livewire::test()` to simulate user interactions.
Is there a way to log rate-limit events for abuse detection?: Yes, extend the package by listening to Laravel’s `illuminate.events.throttled` event or log manually via `Log::channel('rate-limits')->info()`. This helps track suspicious activity or monitor usage patterns.
Can I apply rate limiting to all actions in a Livewire component at once?: Not directly, but you can create a base component with a `boot()` method that applies rate limiting to all actions dynamically. Use middleware-like logic or a trait to wrap methods, though this requires careful handling of Livewire’s lifecycle.
What are the alternatives to this package for Livewire rate limiting?: Alternatives include Laravel’s built-in `throttle` middleware (for HTTP routes) or custom Livewire middleware. However, this package is specialized for Livewire actions, offering tighter integration, per-action granularity, and seamless exception handling without HTTP overhead.

Stars

404

Forks

Score

22.9

License

MIT

Last release

Mar 16, 2026

Watchers

Open issues

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.

Add packages to context

No packages found.

davejamesmiller/laravel-breadcrumbs

artisanry/parsedown

christhompsontldr/phpsdk

enqueue/dsn

bunny/bunny

enqueue/test

enqueue/null

enqueue/amqp-tools

milesj/emojibase

bower-asset/punycode

bower-asset/inputmask

bower-asset/jquery

bower-asset/yii2-pjax

laravel/nova

spatie/laravel-mailcoach

spatie/laravel-superseeder

laravel/liferaft

nst/json-test-suite

danielmiessler/sec-lists

jackalope/jackalope-transport