Django-ratelimit-backend is an app that allows rate-limiting of login attempts at the authentication backend level. Login attempts are stored in the cache so you need a properly configured cache setup.
By default, it blocks any IP that has more than 30 failed login attempts in the past 5 minutes. The IP can still browse your site, only login attempts are blocked.
Get involved, submit issues and pull requests on the code repository!