The Oracle WebLogic Server guide on Securing a Production Environment has a section on configuring user lockouts and login time limits to prevent attacks on user accounts. In general, application utilizes the WebLogic Security Service for managing user accounts.

Therefore, changes recommended by the WebLogic Server guide should be applied after assessing the impact on production. The changes applied would be suitable for accounts managed by Oracle WebLogic Server. Note that the WebLogic Server Online Console guide will reference Compatibility Security which is deprecated in Oracle WebLogic Server 10.3.