Yes, in Drupal 7 there is no such setting and no module either, but there is a patch or you can make your own module.
1) Patch https://www.drupal.org/project/drupal/issues/3074666
1.1) After applying the patch, add a line to the very end of the /sites/default/settings.php file, in which we indicate the number of allowed attempts: 2 ) Own module 2.1) We prepare files for our module xandeadx.ru/blog/drupal/256 2.2) Add a restriction to the password recovery form. The code can be taken from here https://www.drupal.org/project/drupal/issues/1681832
$conf['user_pass_reset_user_limit'] = 3;

// xyz - название Вашего модуля
function xyz_user_pass_form_validate($form, $form_state){
  // Тут 3 - это кол-во допустимых запросов за 86400 секунд.
  if(!flood_is_allowed('request new password', 3, 86400, $form_state['values']['name'])){
    form_set_error('name', 'Reset password limit exceeded.  Please contact technical support for further assistance.');
  flood_register_event('request new password', 86400, $form_state['values']['name']);
  } else {
    flood_register_event('request new password', 86400, $form_state['values']['name']);
  }
}

hook_form_user_pass_alter($form){
  array_unshift($form['#validate'], 'xyz_user_pass_form_validate');
}

By default, there is a limit of 5 attempts - https://git.drupalcode.org/project/drupal/-/blob/7...