MAGNOLIA-3557 is a new security feature that locks an account out after a number of failed login attempts. This feature is available starting with Magnolia 4.4.3 and needs to be documented.

The feature is configurable in /server/security/userManagers and works for SystemUserManager and MgnlUserManager classes. Maximum number of attempts that triggers a lockout is 5 by default. Value 0 disables the function. Lockout is implemented by setting the user.enabled property to false. A lock can be removed by an administrator by enabling the user again in the user edit dialog (checkbox)

Document in:

• http://documentation.magnolia-cms.com/administration/security/users.html
• http://documentation.magnolia-cms.com/usermanual4/gettingstarted.html
• http://documentation.magnolia-cms.com/technical-guide/security.html. Edit source in Google Docs.