The following methods are used in preventing a brute force login attack :
Strong password policy and frequent password changes.
Account lockout policy : account is locked after a set number of failed login attempts. It is locked until the administrator unlocks it.
Use of Captcha : the user is asked to manually input some text or solve a simple problem.
Progressive delays : account is locked for a certain period after three failed login attempts.
Limit logins to a specified IP address or range : if you allow access only from a designated IP address or range, it will be difficult for brute force attackers to gain access.
Two-factor authentication (2FA) : it reduces the risk of a potential data breach.
Monitor your server logs : ensure that you analyze your log files diligently.