It looks like your server cannot sustain a persistent session.
You should not have been able to Enable the Brute-Force Protection without a working session, but maybe your session capability only broke after the protection has enabled.
In any case, you need to manually disable this login protection now so that you can get back into your WP Admin, and there are two ways to do this with FTP or File Manager access to your server. The simplest way to disable the Brute-Force Protection without disabling the plugin is to delete the safe-load folder inside the gotmls plugin folder. The second way is a little harder if you don’t know anything about PHP, but would be better in the long run, is if you can edit the wp-config.php file in the root directory or the site and rem out the require_once line at the top of the file by adding // right after the first