I use LSS 0.42 on latest WordPress release as well. I downloaded the Login Security Solution plugin several months ago, and have updated when prompted to do so. It worked fine until yesterday, July 14.
When I tried logging into my WP site, I got the follow message (I x'd out the data itself). The IP address listed is my home IP address. Error message:
Please enter your username or email address. You will receive a link to create a new password via email.
I enter my username, press the "Get New Password" button, and no link is mailed.
I do, however, get error messages from Login Security Solution delivered to my email address informing me a user with my IP address has broken into my site. Below is the message:
Your website, xxx, may have been broken in to.
Someone just logged in using the following components. Prior to that, some combination of those components were a part of 7 failed attempts to log in during the past 120 minutes:
Component Count Value from Current Attempt
------------------------ ----- --------------------------------
Network IP 0 107.xx
Username 7 xxx
Password MD5 0 xxx
The user has been logged out and will be required to confirm their identity via the password reset functionality.
This message is from the Login Security Solution plugin (0.42.0) for WordPress.
As I said, the above Network IP address is my home IP address.
I'm not a software developer, so unfortunately I don't know how to use a "VPN connection" that I see another user mentioned in a comment. I've instead contact hostgator to see if they can help me. Currently, they're working to disable all of my plugins, then helping me to get back into my website so I can go through my plugins one by one and eliminate those I don't want to use.
I suppose I'll need to delete Login Security Solution, which I'm sorry to do as it's worked fine up until this problem.