I've been using this plugin for a couple of months now, and you would not BELIEVE how many attacks it has thwarted.. it's actually quite scary to know how much (attempted) hacking goes on..
I'm using the intruder lockout, 404 detection AND File Change detection. I'm getting up to 5 hosts locked out per day, per site.. either for (wrongly) guessing passwords, or too many 404 errors (looking for vulnerabilities), or whatever.
NONE of my sites now have an "Admin" user, or a user with id=1, persistent offenders get permanently blacklisted, and secure passwords are ENFORCED.
The system e-mails me to let me know when it's done something, and even gives me a link to show me WHERE the attacker is located.
This is a truly top-notch, complete plugin.