So I understand that this option,
// Brute-force attacks prevention.
// The value specifies maximum number of failed logon attempts per minute.
$config['login_rate_limit'] = 3;
Will disable an account after 3 failed login attempts within 60 seconds, but for how long.
That is how long will a disabled user have to wait before they are re-eneabled?
Also is there a way to manually re-eneable the user?
Thanks