Write failed login attempts to the Audit Log (ID provider, username, IP, login page URL, date/time stamp)
Show the message and block the login form after 5 failed attempts from the same IP and the same username happened within X period of time: "You may attempt to log in again in <counter>"
IP check should be possible to turn on/off with a config
@alansemenov commented on Fri Feb 05 2021
Consider the following:
<counter>
"