I'm just discovering how pervasive this problem of brute force attacks is...and started experimenting with plugins. I like the idea of what you've done by creating this plugin...mucho kudos...sincerely. I must admit, that I'm a bit leery of adding yet another plugin to all my WP installs. So I have 2 questions:
1) Wouldn't it be much more efficient to block at the server level...before they even get to the WP site? I just got done creating a support ticket to my ISP...asking the same question. IT is not my wheelhouse, so I don't know...if I even posed the question properly.
2) Why do you prefer Wordfence (haven't tried it yet) as opposed to say, Better WP Security (just beginning to to try)?