I have Moodle setup and running, the company I work for did a security scan on it and it picked up several security problems. One problem they noted was that Moodle did not lock out accounts when they tried to login with an incorrect password. They stated that the fix for this was to decide upon the number of login attempts to be allowed (usually from 3 to 5) and make sure that the account would be locked once the permitted number of attempts is exceeded. To suspend account activity only temporily and enable it after a specific period of time has passed.
Is there a way to do this and if so how? I am not a programmer at all and know very little about php.