As I see and mentioned in my other post, Gl firmware uses NGNIX, which is great!
Also, GL gui has protection against bruteforce, but not Luci. I know that Luci is not Gl responsibility so is think why not to add toggle like "advanced protection" section where person will be able to add additional username and password (see more here). But don't forgetto mention that this could possibly break API (if not adjusted).
It will help someone like me. That uses router to connect users and printers (so guest network not a solution) but there is someone "shitty" to try to broutforece admin pass.
Maybe we can adjust the feature request to Make it possible to enable/disable luci within the GL-GUI? Should be very easy to implement and might cover those security settings.
If it work like "I need luci, click and it works" than "I set everything now I don't need it, click an it is disabled" so I think it will be even better.
But it must remember settings which done in luci, even if luci login temporarily disabled.