For your first requirement, there is an OOTB function called bruteForceProtection. Not sure if that is what you need.
cuba.bruteForceProtection.enabled
Enables a mechanism for the protection against password brute force cracking.
cuba.bruteForceProtection.blockIntervalSec
Blocking interval in seconds after exceeding a maximum number of failed login attempts, if the cuba.bruteForceProtection.enabled property is on.
cuba.bruteForceProtection.maxLoginAttemptsNumber
A maximum number of failed login attempts for the combination of user login and IP address, if the cuba.bruteForceProtection.enabled property is on.