Failed login attempts logs

[techc0de]

Hello,

According to the documentation,

the software is designed in such a way to prevent brute forcing the password, with IP addresses and usernames locked out for 10 minutes after a specified number of login attempts.

I tried with four incorrect attempts, but I don't see the site banned me or email me.
My email has been setup, and my web server is running with SSL.

I would like to know where can I change this number of failed attempts and lockout duration.
Thanks.

[snipe]

This should be fixed on the develop branch now. You'll need to pul down the latest develop branch and then add the following section to your .env file (obviously changing the values to whatever you'd like them to be):

# --------------------------------------------
# OPTIONAL: LOGIN THROTTLING
# --------------------------------------------
LOGIN_MAX_ATTEMPTS=10
LOGIN_LOCKOUT_DURATION=60

Can you let me know if that works for you?