Best practices to secure login page

[briencolwell]

I have some questions about the security of how we have the login page for OpenVPN AS - both as a user (https://my.vpn.com/) and as an admin (https://myadmin.vpn.com:943/admin).

What security does the web login provide against brute force attempts?

What's the best practice for securing these logins with respect to repeatedly failed attempts?

Any advice on how you've done it would be greatly appreciated.