A US government warning published in April, 2013 states that "WordPress Sites Targeted by Mass Brute-force Botnet Attack" (Cf. http://1.usa.gov/176KLH4).
I have watched these botnet attacks hammer my own blogs for months and I am glad I found the LIMIT LOGIN ATTEMPTS plugin. It seems to help tremendously.
I would, however, like to see a "whitelist" option so that I can separate known, trusted "good" IP addresses from the rest. Once in a blue moon my own cookies get messed up and I cannot login to a blog. If I forget the password, this plugin blocks me.
To get around that I have to remove the plugin (as a server admin) and then login to the blog and then reinstall the plugin. I would just prefer to have a whitelist capability.
I do like the way I can extend jail time for bad IP addresses. Being able to change the parameters helps to block further attempts from new addresses that get out of jail before I can block them in my firewall or .htaccess files.
Another nice feature to have would be an EXPORT function. The botnets can be so aggressive that you compile thousands of IP addresses in a short time under a sustained brute force attack. Trying to capture all that data with standard COPY-AND-PASTE is tedious. I need to analyze the IP addresses in a spreadsheet so I can find patterns.