We are going to deploy the new yiiframework.com website on March 23, 2018 from 8:00 to 12:00 UTC.
Website and Yii documentation will not be available in this time frame. Check the news for more details.
In this mini howto I would like to show how to add a required captcha field in the login form, after a defined number of unsuccessfull attempts.
To do this, I will use the blog demo that you have in default Yii download package (path/to/yii/demos/blog).
This article is called extended guide is because there is already a security guide in the Yii tutorial security section. but that guide is not complete in the sense that it does not rise the developers' attention to some other commonly happening attacks: SQL injection and magic URL, which can be major vulnerabilities in your application without much caring.