I keep receiving numerous mails per day reporting failed login attempts by the "Limit Login Attempts" plugin. I installed this plugin additionally to lock bots out in the first place. Seems to work.
However most options on the settings page of the plugin are pretty much useless. Fields for public & private key would be enough.
I would also encourage the author to propose a patch for the "big" WP-reCAPTCHA plugin to also support the login page. This way one would only need one captcha plugin to be enabled and not two.