diff --git a/auth/classes/output/login.php b/auth/classes/output/login.php
index c2bb00b15ac..03a62f8f1dc 100644
--- a/auth/classes/output/login.php
+++ b/auth/classes/output/login.php
@@ -53,6 +53,8 @@ class login implements renderable, templatable {
     public $cookieshelpicon;
     /** @var string The error message, if any. */
     public $error;
+    /** @var string The info message, if any. */
+    public $info;
     /** @var moodle_url Forgot password URL. */
     public $forgotpasswordurl;
     /** @var array Additional identify providers, contains the keys 'url', 'name' and 'icon'. */
@@ -131,6 +133,15 @@ class login implements renderable, templatable {
         $this->error = $error;
     }
 
+    /**
+     * Set the info message.
+     *
+     * @param string $info The info message.
+     */
+    public function set_info(string $info): void {
+        $this->info = $info;
+    }
+
     public function export_for_template(renderer_base $output) {
 
         $identityproviders = \auth_plugin_base::prepare_identity_providers_for_output($this->identityproviders, $output);
@@ -142,6 +153,7 @@ class login implements renderable, templatable {
         $data->cansignup = $this->cansignup;
         $data->cookieshelpicon = $this->cookieshelpicon->export_for_template($output);
         $data->error = $this->error;
+        $data->info = $this->info;
         $data->forgotpasswordurl = $this->forgotpasswordurl->out(false);
         $data->hasidentityproviders = !empty($this->identityproviders);
         $data->hasinstructions = !empty($this->instructions) || $this->cansignup;
diff --git a/lang/en/admin.php b/lang/en/admin.php
index c8b077ba046..cfacbfeaea0 100644
--- a/lang/en/admin.php
+++ b/lang/en/admin.php
@@ -24,6 +24,8 @@
 
 $string['accessdenied'] = 'Access denied';
 $string['accounts'] = 'Accounts';
+$string['accountunlocked'] = 'Your account has been unlocked successfully. You may now login below.';
+$string['accountlocked'] = 'Your account has been locked. An unlock link has been sent to the email address associated with your account.';
 $string['addcategory'] = 'Add a category';
 $string['additionalhtml'] = 'Additional HTML';
 $string['additionalhtml_heading'] = 'Additional HTML to be added to every page.';
diff --git a/lib/authlib.php b/lib/authlib.php
index 2d742cdc5c3..11419edffdf 100644
--- a/lib/authlib.php
+++ b/lib/authlib.php
@@ -1018,12 +1018,18 @@ function login_lock_account($user) {
  * Unlock user account and reset timers.
  *
  * @param stdClass $user
+ * @param bool $notify Notify the user their account has been unlocked.
  */
-function login_unlock_account($user) {
+function login_unlock_account($user, bool $notify = false) {
+    global $SESSION;
+
     unset_user_preference('login_lockout', $user);
     unset_user_preference('login_failed_count', $user);
     unset_user_preference('login_failed_last', $user);
 
+    if ($notify) {
+        $SESSION->logininfomsg = get_string('accountunlocked', 'admin');
+    }
     // Note: do not clear the lockout secret because user might click on the link repeatedly.
 }
 
diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index 794bad1a051..c37888065ee 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -4246,7 +4246,7 @@ function guest_user() {
  * @return stdClass|false A {@link $USER} object or false if error
  */
 function authenticate_user_login($username, $password, $ignorelockout=false, &$failurereason=null, $logintoken=false) {
-    global $CFG, $DB, $PAGE;
+    global $CFG, $DB, $PAGE, $SESSION;
     require_once("$CFG->libdir/authlib.php");
 
     if ($user = get_complete_user_data('username', $username, $CFG->mnet_localhost_id)) {
@@ -4351,6 +4351,8 @@ function authenticate_user_login($username, $password, $ignorelockout=false, &$f
             $event->trigger();
 
             error_log('[client '.getremoteaddr()."]  $CFG->wwwroot  Login lockout:  $username  ".$_SERVER['HTTP_USER_AGENT']);
+            $SESSION->loginerrormsg = get_string('accountlocked', 'admin');
+
             return false;
         }
     } else {
diff --git a/lib/templates/loginform.mustache b/lib/templates/loginform.mustache
index c4f656864f3..fb48aa38e60 100644
--- a/lib/templates/loginform.mustache
+++ b/lib/templates/loginform.mustache
@@ -26,6 +26,7 @@
     * cansignup - Signup allowed?,
     * cookieshelpicon - cookies help icon details
     * error - Any errors in the form?,
+    * info - Info notification to display,
     * forgotpasswordurl - Forgot password url,
     * hasidentityproviders - Flag, set to true to hide identity providers,
     * hasinstructions - Flag, set to true to show instructions,
@@ -75,6 +76,7 @@
             "ltr": true
         },
         "error": "",
+        "info": "",
         "forgotpasswordurl": "http://localhost/stable_master/login/forgot_password.php",
         "hasidentityproviders": false,
         "hasinstructions": true,
@@ -112,6 +114,10 @@
         <a href="#" id="loginerrormessage" class="sr-only">{{error}}</a>
         <div class="alert alert-danger" role="alert">{{error}}</div>
     {{/error}}
+    {{#info}}
+        <a href="#" id="logininfomessage" class="sr-only">{{info}}</a>
+        <div class="alert alert-info" role="alert">{{info}}</div>
+    {{/info}}
     {{#cansignup}}
         <a href="{{signupurl}}" class="sr-only">{{#str}} tocreatenewaccount {{/str}}</a>
     {{/cansignup}}
diff --git a/login/index.php b/login/index.php
index 151daec1f8f..844c4231d57 100644
--- a/login/index.php
+++ b/login/index.php
@@ -52,6 +52,7 @@ $PAGE->set_pagelayout('login');
 
 /// Initialize variables
 $errormsg = '';
+$infomsg = '';
 $errorcode = 0;
 
 // login page requested session test
@@ -270,6 +271,7 @@ if ($frm and isset($frm->username)) {                             // Login WITH
 
         // Discard any errors before the last redirect.
         unset($SESSION->loginerrormsg);
+        unset($SESSION->logininfomsg);
 
         // test the session actually works by redirecting to self
         $SESSION->wantsurl = $urltogo;
@@ -344,14 +346,17 @@ if (empty($frm->username) && $authsequence[0] != 'shibboleth') {  // See bug 518
     $frm->password = "";
 }
 
-if (!empty($SESSION->loginerrormsg)) {
-    // We had some errors before redirect, show them now.
-    $errormsg = $SESSION->loginerrormsg;
+if (!empty($SESSION->loginerrormsg) || !empty($SESSION->logininfomsg)) {
+    // We had some messages before redirect, show them now.
+    $errormsg = $SESSION->loginerrormsg ?? '';
+    $infomsg = $SESSION->logininfomsg ?? '';
     unset($SESSION->loginerrormsg);
+    unset($SESSION->logininfomsg);
 
 } else if ($testsession) {
     // No need to redirect here.
     unset($SESSION->loginerrormsg);
+    unset($SESSION->logininfomsg);
 
 } else if ($errormsg or !empty($frm->password)) {
     // We must redirect after every password submission.
@@ -376,6 +381,7 @@ if (isloggedin() and !isguestuser()) {
 } else {
     $loginform = new \core_auth\output\login($authsequence, $frm->username);
     $loginform->set_error($errormsg);
+    $loginform->set_info($infomsg);
     echo $OUTPUT->render($loginform);
 }
 
diff --git a/login/unlock_account.php b/login/unlock_account.php
index d5f2f91bcda..16e37eac3e4 100644
--- a/login/unlock_account.php
+++ b/login/unlock_account.php
@@ -43,7 +43,7 @@ if (!$user = $DB->get_record('user', array('id'=>$userid, 'deleted'=>0, 'suspend
 $usersecret = get_user_preferences('login_lockout_secret', false, $user);
 
 if ($secret === $usersecret) {
-    login_unlock_account($user);
+    login_unlock_account($user, true);
     if ($USER->id == $user->id) {
         redirect("$CFG->wwwroot/");
     } else {