If a user has attempted and failed to log in (wrong password/email) 10 times in a 24 hour period, their account is locked.
This is done for security purposes to stop brute force attacks which are attempts to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works.
The user [email protected] has attempted to log in 10+ times and failed, their account is locked and they are no longer able to log in until an admin has unlocked their account first.
Log into admin
Navigate to Clients > Users
Search for the user email address (which should appear as a autocomplete suggestion)
Click on the pencil icon for that user
Within the user edit detail you’ll see under ‘Login attempts’ the number 10
Change that number back to zero
Save the user
The user can now attempt to log back in (you may want to contact the user that their account is now unlocked)
You may also want to reset the user’s password (see Reset a user’s password) or advise the user to reset the password themselves.
Within the user edit details, under ‘User logs’ there are details of recent user actions which can be reviewed to check whether the account locking was caused by a User or a Brute force attack...
Since the log in attempts happened so quickly after one-another, these user logs may prove that a brute-force attack may have been attempt, notify the user that this has occurred both to check if it was them or if they need to change their password