I like from this plugin how it block users from accessing the wp-login.php if they type it directly in the address bar, however it has it flaws in its integration with the meta widget. I found the wp-login.php can not be hidden or blocked all the times, it can be accessed directly from some links in the meta widget, the string and the chosen word will not show up in the address bar. It only block the access when wp-login.php is typed directly on the address bar, which is great, but I would like to see this plugin to mask somehow the redirected links. Instead of yoursite.com/wp-login.php?stringblablabla... just show yoursite.com/chosenword. And eliminate that random string which seems for me unnecessary.
3 stars for me.