Ubersmith has a built-in mechanism for preventing brute force login attempts.
When a login attempt is made, the system checks the number of failed login attempts for the connecting IP address and/or username in the preceding 30 minutes. If the number of failed logins is greater than or equal to 5, the login is denied.
If you whitelist an IP address in the?'Password and Login Management' section of 'setup & admin', login requests coming from that IP address are only rate-limited by username.?Unlocking a username in the 'Login Activity' page in 'reports & stats' marks all failed login attempts in the past 30 minutes by that username as excluded from the failed login count for rate-limiting purposes. This essentially resets the failed login counter for that username.
End users can also unlock their accounts by changing their password, without having to wait for the 30 minute unlock period to expire. Continued failed login attempts will only serve to extend the lockout period.