Recently someone has taken to using 5000+ IPs to bypass rate-limits and try many passwords. Therefore, it is now required to solve a captcha when logging in. JavaScript is required for this. I know that several forum users like to use NoScript, but I am not aware of any high-quality (ie. not OCR-able) captcha services/libraries which don't require JavaScript. You can maybe enable JS just for the login page, and then disable it again afterward.

There are a few people who use automated bots which need to login. Contact me with a description of your bot, and if it seems reasonable, I will give you a key which will allow you to bypass the captcha.

Let me know if you see any bugs.