Unraid 6.9.2 added an automatic lock if incorrect passwords were attempted after 3 tries (for the WebUI at least):
Failed Login Restrictions
For webGUI login you now get 3 login attempts per IP address before a 15-minute cool off is enforced. Further, the timestamp of the last three failed login attempts per IP address are stored in files located in /var/log/pwfail/<ip-address>. Note this only applies to webGUI login, not ssh or telnet.
If necessary, deleting the file above will allow another set of login attempts without waiting for the 15 minute cool off.