I administer the site from another account - 'admin' was disabled a long time ago.
In the last week, Better WP Security has logged over 2000 attempts to get in via the admin username. Unless I go through the actual web server logs, I can't see what the IP's of the attempts are... it would be nice to at least have that information included in the 'bad login attempts' list on the log file page.
Since the admin user doesn't exist, they can brute-force the password all they want - they'll never get in. But for my own satisfaction I'd like to be able to easily ban their IP's... at the first attempt if possible!
The offered automatic lockout settings don't let you specify a user... so if you make them too restrictive, you'll catch your less intelligent legitimate users who forgot their credentials, or forgot their caps lock (several times!). There's a fine line between annoying your real users and blocking the bad guys.
It strikes me that the heavy lifting (writing the main security modules) has been done and we really only need to see some tweaks to how the log information is presented and how we might interact with it (click to ban users for instance).
I realize I can't expect to get more than I pay for(!), so my comments have been what I hope are constructive and positive, rather than complaints! :-)