Though the plugin allows for multiple attempts to enter the user name and password on the administrative login page, God help you if you have CAPTCHA enabled and absentmindedly enter the wrong answer for the numeric CAPTCHA.
This results in automatic lock down of your ip.
If you enable login captcha make SURE you enable the unlock request button or you will have to proxy your way back into your back end.
Setting retries for logins to 3 ONLY accounts for unsuccessful password / user name entries with a correct response to CAPTCHA.
Any incorrect response to cAPTCHA or leaving it blank, no matter if it's first try or 3rd, will result in an ip lock down.