This plugin locks user account after given number of incorrect login attempts. This makes brute force and dictionary attacks nearly impossible.
Default WordPress installation is vulnerable to brute force and dictionary attacks, because there is no limit how many times user can use invalid password before finding the correct one. This plugin closes this security hole by introducing maximum number of invalid login attempts. When someone exceeds this number, his/her account becomes locked, and can be unlocked only by requesting new password (using Lost Password option) or asking Admin for help (he/she can do it too). This makes brute force and dictionary attacks nearly impossible.
You can also disable selected user accounts, so users will not be able to log in even if they will know password. You can use this feature to ban selected users.
You can also enter lock/disable reason for your further reference. When account is automatically blocked, plugin can automatically add lock reason (configurable). By default reason text is displayed on User List only; you can also display it for user after blocked login attempt. You have also option to keep some of them private - just start the reason text with '@' (AT sign).
Plugin also provides few public functions and actions for simpler integration with other plugins - see FAQ for more details.