Bruteforce protection - login lockout

It would be useful to have bruteforce protection for login form: in case of several (3-5) incorrect login attempts user IP address should be locked out for certain timeframe.

What do you think - does it make sense to implement that on apllication (WriteFreely) level?

Otherwise I am thinking to write a fail2ban rule for WriteFreely :blush: