My website (Magento ver. 188.8.131.52) has recently had a full scale security audit.
The results were good with only 1 issue remaining to be addressed:
1. The following login page doesn’t have any protection against password-guessing attacks (brute force attacks).
The security assessment tested 10 invalid credential attempts and no account lockout was detected.
POST /index.php/customer/account/loginPost HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
I would be really grateful for some help in fixing these issues