Hi!
I think it would be a good idea to add another brute-force protection by forcing users to solve a captcha after 3-5 failed login attempts.
A little amount of 3 to 5 failed login attempts will make brute-forcing much harder and will probably also make brute-forcing with many proxies a lot harder.
This site is for bug reports only, for feature requests, go to reddit.