I'm sorry but that's not an argument and I was referring to the blog you linked to. I apologize if you think I meant you, I really didn't.
Aside from good password/userid combinations if WordPress users install only one plugin then the Limit Login Attempts plugin would be a great choice.
However that blog that you linked recommended not using the Limit Login Attempts plugin. That was clearly stated in this text from that article you posted. I've added emphasis on the text.
UPDATE: It seems everyone is advising people to install either Limit Login Attempts or a WordPress Security Plugin. DO NOT DO THIS. This will not only fail to block the attack, it could crash your server. These attacks come in too fast from too many IP addresses. Please follow this guide instead.
That's just not good advice for the majority of WordPress users. The Limit Login Attempts plugin does an admirable job of blocking repeated and notifying the WordPress owner of that site that "IP address w.x.y.z is blocked for too many failed login attempts".
The other plugins on that list are not bad either. The catch is that many of the security plugins really require a better understanding of what they do.
That Limit Login Attempts plugin is basically fire and forget. It just works and is effective.
That said I also have to write this: there is no magic bullet solution for all use cases of brute force attack attempts.
For example, if your WordPress installation is on a server with 500 other WordPress installations (it happens with shared hosting) then any brute force attack PHP processing will melt down your web host. In that even then the
.htaccess solution may be more appropriate.
But for most WordPress users just that plugin will be fine.
I hope that explains what I meant more clearly.