So I tested to see if the email log-in would lock you out after X amount of tries, and it didn't. This causes a security concern for me, as people are constantly trying to hack ways into our forums and some of our members use our hosts email. If they get into the hosts email, then their forum account is then able to be breached. This is not a good thing as far as I'm concerned... Is there some way I can have the email log-in thing lock an IP out after X amount of failed log-in tries?

1) we do have that type of checks/blocks but they are number of tries over a set time. Brute force is stopped, but it will let legit stuff like your attempt through.

2) brute force testing our servers is a violation of the ToS. Please trust us to test our own stuff and don't pound our servers.

Ok, all I needed to know was that it would be protected against others bruteforcing. Thanks. I tried about 5 times with the wrong password and it didn't stop it.

Ok, all I needed to know was that it would be protected against others bruteforcing. Thanks. I tried about 5 times with the wrong password and it didn't stop it.

You'll need more than five tries to successfully brute force a password. I'm guessing they have it set up so that genuine failed attempts from real humans like you get by, but anything that's obviously a bot (like 200 attempts in a minute) is stopped. :)