Personally I was recommended this plugin by Bullet Proof Security, as I use their plugin plus also use Limit Login Attempts. I installed it in 11 websites yesterday, and all work well. I've been adding extra security as their is a rash of automated scripts trying to break into people's WP installations.
What I'm gathering, for those that experience "admin" lockouts, first of all, you should never have your /yourdomain.com/wp-admin or wp-login.php where your default username is "admin." You're asking for trouble if you do. If you do a search, you can find out how to change that if you have it set up that way. I'll give you an example, a specific IP address tries to login, get's locked out, especially if you use "Limit Login Attempts" plugin, then you install this beautiful plug-in, and you will immediately be locked out.
If this happens, always use two browsers when adding plugins, i.e., Google Chrome and Firefox, keep both open in admin. After installing a plugin, do not activate until you open your other browser to your plugins in admin, then activate the plugin in one browser, test it, if it doesn't work, delete it from the other browser--or you can FTP and delete it if you prefer one browser.
So bottom line, if you add Jeff's beautiful plugin, make sure you reset your "Limit Login Attempts" so you don't get locked out if you have blocked people of the LLA plugin. I also found out you can run both, I have both turned on, both with different settings.
Of note, I also renamed my "login" page this plugin creates, plus renamed the URL when editing in page edit mode, i.e., instead of yourdomain.com/login it's something like yourdomain.com/come-on-in/ or whatever you prefer. I also renamed, not deleted, so if I need it later it's there, the wp-login.php file to something like wp-login.phpSaveForEmergencies
So now I have several layers of protection. If a hacker goes to mydomain.com/wp-login.php they get page not found. If they go to mydomain.com/wp-admin obviously they are redirected, but that might mean they will have to work harder as I have a weird name for my login/logout page. If they break in past Limit Login Attempts, they have to break in past Theme My Login page security. Not to mention I have installed Bullet Proof Pro so that adds a steal front door to begin with. You might also look at SpamTrawler too, it's not a WP plugin and it's installed in your server root directory, but it protects WP, Socialengine, Vbulletin, etc., anything on your site from spammers, but you can also block countries out too!
Every bit of protection helps and this plugin is just one layer, but the more layers you have, the better off you arre--and that's layers on your server and your WP installation, not just WP. Just my thoughts and I bought my products and am not employed by products mentioned here. Thanks!