Users are locked out if they make multiple failed login attempts. This is done to prevent the brute forcing of user passwords.

Users can unlock their own account but performing a password reset to their registered email address.

Admin users can also unlock locked accounts.