Idea: add a Hashcash or some other proof-of-work to the register page
I had this idea and only just learned about Hashcash (https://en.wikipedia.org/wiki/Hashcash).
I think this (along with a better captcha) would be good to slow down things like skids mass creating accounts, which happened recently.
There's an existing Elixir library: https://github.com/danj3/elixir-hashcash
And probably a lot of JS implementation like https://github.com/007/hashcash-js
I found this example of it being used for a sign up page, it's Rails, but it could be a good model for an implementation: https://github.com/BaseSecrete/active_hashcash
Aside from that, maybe some documentation on how to rate limit the login page properly on nginx and such would be helpful.
Just throwing some ideas out there, I don't think I'm competent enough to implement it, though.