How do you protect this website from bruteforce login attempts?

I've been under attack heavily in the latest months and that constrained me to use some not-so-user-friendly tacticts to protect myself (I'm using captcha on wp-login as well as google autenticator) but this is far from being user friendly.

Looking at the transparency of your login page (no captcha's , no nothing...) I'm really curious to know how you deal with this type of situation and if you have some tips/plugins/mods to share.

Thanks in advance for your support.