I'm on WordPress multisite with mapped domains. I have WordFence running and set to alert on failed logins and block additional attempts after a small number of failures from the same IP.
I set this plugin on two sites. This morning, emails from WordFence confirm those sites were hit by successive attempts from a bot network along with the other sites in the network.
The theory sounds good, but in fact, if it works like it is supposed to, I believe it should have kept the bots from attempting to login at all. It did not.
Hopefully there will be a better version or someone else who finds a fix for botnets. So far, this doesn't seem to be it.