Use Fail2ban for protection against possible brute-force attacks
Problem to solve
Currently, there is no way to detect and ban IP addresses that could be involved in a brute-force attack.
Proposal
A feature to log every failed login attempt with the respective IP address and timestamp. This could be monitored by Fail2ban, and if it's configured correctly, it should avoid almost any brute-force attack.
Links and/or references
Useful content: