The "two-factor auth" and "security questions" already had counters for the number of max attempts. However, this change adds to this by counting each failed 2FA/question in the 'failed_logins' file (where wrong passwords are counted). This means you must get a valid password and valid 2FA/Question within the "brutecount" limit, else you'll be put on the ip_blacklist. Login triggers are also reworked to only trigger after both the user/pass login and 2FA/question are answered correctly. Previously, the trigger would happen after the valid login, before the 2FA/questions were answered. Triggers include: - checking to ensure the task.queue is being processed (random) - check for old custombuild/versions.txt (random) - clear the data/admin/ip_access/1.2.3.4 folder - add to "login history"