The PAM (Pluggable Authentication Module) module pam_tally keeps track of unsuccessful login attempts then disables user accounts when a preset limit is reached. This is often referred to as account lockout.
To lock out a user after 4 attempts, two entries need to be added to the files at /etc/pam.d/