As I see and mentioned in my other post, Gl firmware uses NGNIX, which is great!
Also, GL gui has protection against bruteforce, but not Luci. I know that Luci is not Gl responsibility so is think why not to add toggle like "advanced protection" section where person will be able to add additional username and password (see more here). But don't forgetto mention that this could possibly break API (if not adjusted).
It will help someone like me. That uses router to connect users and printers (so guest network not a solution) but there is someone "shitty" to try to broutforece admin pass.
Maybe we can adjust the feature request to Make it possible to enable/disable luci within the GL-GUI? Should be very easy to implement and might cover those security settings.
If it work like "I need luci, click and it works" than "I set everything now I don't need it, click an it is disabled" so I think it will be even better.
But it must remember settings which done in luci, even if luci login temporarily disabled.
The password for the GL GUI is the same as LuCI is the same as ssh. If you want to disable LuCI just /etc/init.d/uhttpd stop && /etc/init.d/uhttpd disable,
I'll say it again: you have other things to re-evaluate, like an Intro to Linux course.
Disabling SSH really should force the user to acknowledge the risks of doing so... including how only a full reset is the only way to recover should anything Nginx-related mess up. I'll also re-raise the following:
