Basic login system with PHP and PDO. Thoughts?

Hi there!
I'm currently building my own login system with PHP and PDO. Does it look okay or have I missed something crucial in terms of basic security?

Login.php
Here is the basic login form where the admin/s log in to get to the admin area.
It sets the $_POST with user input in form of username and password.
Right now, when user submits the login it sends them to auth.php

auth.php
Here I have a require that points to db.php (contains connection to db) that sits in a folder outside of root alongside an ini file with database credentials.

First I check if user has sent any input using empty().
If not I echo out a simple "user/pass empty"
Otherwise I prepare a statement that looks for the supplied username and fetch all the data from that database row.

$stmt = $connect->prepare("SELECT ID, username, password FROM auth WHERE username = :username");  
stmt->bindParam(":username", $_POST['username']);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);

Then I authenticate the user

if(count($result) > 0 && password_verify($_POST['password'], $result['password'])){
    //Create session    
    //Redirect to admin panel
}else{
    echo "Wrong username or password";
}

Extra security against bruteforce will be added later. I read about skipping the usual captcha and instead use regular questions like "what's the 2nd paragraph in <link>to text<link> instead.

db.php
In this file (which is located outside of root, in a private folder), I use parse_ini_file('something.ini') to get the db credentials which i then use to connect with a simple try catch:

try {
        $connect = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
        }catch(PDOException $e){
            echo "Something is wrong with the connection";
            die();
        }

randomName.ini
Here I set the servername, username, password and dbname. This file is located in the same folder as db.php. Currently reading up on how to not store the config credentials in plain text.