Security against brute force attacks by tracking IP, name, password; requiring very strong passwords. Idle timeout. Maintenance mode lockdown.
This plugin is great, but the "force password" function didn't work properly while i had site stats activated in jetpack. The redirect to the password-reset page didn't work properly (users just logged out but weren't redirected)
I know this isn't very descriptive, but I don't have many other details. My site was throwing internal server errors like crazy for about an hour today. Forms on the front end were unusable, and doing pretty much anything from the back end was impossible. Deactivating this plugin cleared it up.
Before today, it seemed to work alright. Although when logging in I would occasionally see "2 attempts left", or similar, even on my first attempt.
edit: looking now to figure out if this might have been something else.
A few weeks ago, it helped repel a brute force attack, and notified me of it by email.