When a registered user forgets their password and tries the wrong one a few times, the user’s account is locked out for a short time (which is good). BUT rather than telling the user that their account is locked out and will be reset in a period of time, they are told that their IP is “banned”, which causes a lot of confusion. We would like to change that wording, however, we’ve been unable to find how/where that can be done. Can anyone point us in the right direction?
Take a look at line 561 of the concrete/src/Permission/IpAccessControlService.php file, this could be what you are looking for.