New scope of work:
1) Installing CAPTCHA on the login and signup page so that a bot does not sign up for fake accounts and login into them.
2) Block user if authentication fails say 3 times for say 24 hours.
3) Input everywhere will be numbers including username and password. (According to your specifications)
4) CSRF protection on forms. CSRF stand for Cross-site request forgery. There is a provision in Laravel for this. I can implement it on the forms if you want.
There was another query you made regarding the encryption of the data between the browser and the server. I have looked into it. And as I explained earlier it would be implemented by applying for a SSL certificate. After that you can make your users use the HTTPS protocol instead of the normal HTTP. When using the HTTPS protocol, all requests and data communication will encrypted. The will be an htaccess file in your project that will require some additional lines of code so that every request is routed through HTTPS and not through HTTP. Will get that done.