Short answer: No, but it's better than nothing.
Without SSL, you're going to be susceptible to replay attacks/session hijacking no matter what. What this means is that if someone is able to guess or learn the session ID of a logged-in user (which would be trivial to do in an unprotected wireless network), then essentially they could do anything to your WordPress site by masquerading as that user.
The point of this is to prevent your password from being transmitted in the "clear." If someone is in a position where they can learn your session ID, under normal circumstances, they'd also be able to learn your password. The proper use of this plugin removes that possibility.
Use SSL. This means you'll have to have a dedicated IP (which usually costs additional money) and an SSL certificate (which is expensive for a "real" one, but if you're just using this for your own administration purposes, a "self-signed" certificate would probably suffice). Any more detail on these two things is beyond the scope of this document.
Requires: 2.5 and the MD5 Password Hashes plugin (http://wordpress.org/extend/plugins/md5-password-hashes/) or higher
Compatible up to: 2.5 (not compatible with earlier versions)
Last Updated: 2008-5-1
Got something to say? Need help?