WebMail Lite can be configured so that a user is locked out and cannot log in after multiple failed login attempts. They would get an error message of the following kind:
The feature is enabled by setting the following option to true in the data/settings/modules/Core.config.json file:
"EnableFailedLoginBlock": [
true,
"bool",
null,
"Setting to true enables feature of blocking user after a number of failed login attempts"
]
NB: If your configuration file doesn't have such an option, try pressing the "Update configuration" button on the Database Settings screen of the admin interface.
Please note that the user is blocked only from their current IP address. They can still try logging in to the WebMail Lite installation from another location.
The same configuration file also holds two more options for fine-tuning this functionality:
"LoginBlockAvailableTriesCount": [
10,
"int",
null,
"Number of failed login attempts which will result in blocking user"
],
"LoginBlockDurationMinutes": [
3,
"int",
null,
"Number of minutes user will be blocked for upon multiple failed login attempts"
]
These settings control the number of failed login attempts and the block duration in minutes, respectively.
In version 9.8 of WebMail Lite, one more setting was added which potentially allows for boosting this protection further:
"LoginBlockIpReputationThreshold": [
0,
"int",
null,
"The setting determines the number of different users that need to be blocked from a specific IP address before that IP is considered to have a bad reputation and blocks any further login attempts from it."
]
By default, this value is set to 0, which disables the extra protection. If you set it to a non-zero value N, the IP address will be blocked for this user if it's blocked for at least N other users.
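To check what lockout policy a given Core.config.json actually yields, the following added example (not part of WebMail Lite or of the original page) parses the four options described above and reports problems. The function name audit_login_block, the derived MaxGuessesPerHourPerIp figure and the sample text are assumptions made for illustration; the sample is constructed.

```python
import json

# Constructed sample in the [value, type, enum, description] layout this page shows.
# The last key carries a trailing space on purpose, to exercise the whitespace check.
SAMPLE = """{
  "EnableFailedLoginBlock": [true, "bool", null, ""],
  "LoginBlockAvailableTriesCount": [10, "int", null, ""],
  "LoginBlockDurationMinutes": [3, "int", null, ""],
  "LoginBlockIpReputationThreshold ": [0, "int", null, ""]
}"""

EXPECTED = {
    "EnableFailedLoginBlock": bool,
    "LoginBlockAvailableTriesCount": int,
    "LoginBlockDurationMinutes": int,
    "LoginBlockIpReputationThreshold": int,
}


def audit_login_block(config_text):
    """Return (settings, findings) for the lockout options in the given JSON text."""
    raw = json.loads(config_text)
    settings, findings = {}, []
    for key in raw:
        if key != key.strip() and key.strip() in EXPECTED:
            findings.append(f"key {key!r} has stray whitespace")
    for name, kind in EXPECTED.items():
        entry = raw.get(name)
        # type() rather than isinstance(): bool is a subclass of int in Python.
        if not isinstance(entry, list) or not entry or type(entry[0]) is not kind:
            findings.append(f"{name} missing or not of type {kind.__name__}")
            continue
        settings[name] = entry[0]
    enabled = settings.get("EnableFailedLoginBlock") is True
    if not enabled:
        findings.append("failed-login blocking is not enabled")
    if settings.get("LoginBlockIpReputationThreshold") == 0:
        findings.append("IP reputation blocking is off (threshold 0)")
    tries = settings.get("LoginBlockAvailableTriesCount", 0)
    minutes = settings.get("LoginBlockDurationMinutes", 0)
    if enabled and tries > 0 and minutes > 0:
        # Hypothetical derived figure: sustained ceiling of one batch of `tries`
        # guesses per block period, per user and per source IP address.
        settings["MaxGuessesPerHourPerIp"] = tries * 60 // minutes
    return settings, findings


if __name__ == "__main__":
    settings, findings = audit_login_block(SAMPLE)
    print(settings)
    for finding in findings:
        print("FINDING:", finding)
```

With the default values of 10 tries and 3 minutes, the derived ceiling is 200 guesses per hour for one user from one IP address, which is the number to weigh when tuning the two options.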