Limit Login Attempts – By Johan Eenfeldt
This plugin will limit the number of login attempts possible both through normal login as well as using auth cookies. By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease. Limit Login Attempts blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.
This is why it is important to research and test. Test Test Test! I used to like this plugin, but it has gotten the better of me a few times and my clients – it is too tough and I was still getting comment spam with it. Locked myself out quite a few times with this.Two mistypes, and hitting the enter key on a blank password locked me out. I know you can set it however you like, but not user friendly enough for me.