Vanilla 2.6 is here
! It includes security fixes and requires PHP 7.0. We have therefore ALSO released Vanilla 2.5.2
with security patches if you are still on PHP 5.6 to give you additional time to upgrade.
Login security ideas for 2.3 core.
To help with account security could you guy's only allow users to login via their email address only plus higher the character limit for account's passwords including add some type of wrong password temporary ban system.