diff --git a/php/src/Controller/LoginController.php b/php/src/Controller/LoginController.php
index a90bde26..d37a2210 100644
--- a/php/src/Controller/LoginController.php
+++ b/php/src/Controller/LoginController.php
@@ -28,6 +28,9 @@ readonly class LoginController {
 return $response->withHeader('Location', '.')->withStatus(201);
 }
 
+ // Punish failed auth attempts with a delay, as a very simple means against bots.
+ sleep(5);
+
 $response->getBody()->write("The password is incorrect.");
 return $response->withHeader('Location', '.')->withStatus(422);
 }
@@ -39,6 +42,9 @@ readonly class LoginController {
 return $response->withHeader('Location', '../..')->withStatus(302);
 }
 
+ // Punish failed auth attempts with a delay, as a very simple means against bots.
+ sleep(5);
+
 return $response->withHeader('Location', '../..')->withStatus(302);
 }
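Review bot: The `sleep(5)` added on both failure paths (before the 422 response in the first hunk and before the final 302 redirect in the second) holds a PHP worker for the full five seconds per failed attempt and does nothing to limit concurrent attempts, so parallel guessing is barely slowed while a burst of bad logins can exhaust the worker pool for legitimate users. A failed-attempt counter keyed on client address and/or account, checked before the password is verified and answered with a 429 once a threshold is exceeded, would throttle guessing without tying up workers. If the fixed delay stays as a stopgap, the comment should say so, e.g. `// Stopgap: blocks this worker for 5 s per failure and does not cap parallel attempts; replace with a per-client attempt limit.` Both methods begin outside their hunks, so the conditions that lead to these paths are not visible here.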