I really like your plugin! Unlike a similar plugin I tried, this plugin works with my SSL certificate login security.
Unfortunately, I am having a small problem: The "hours until retries are reset" setting does not seem to have any effect.
I did a successful test in which the number of retries was reset automatically overnight. I then did a second test where I changed the setting to 2 hours and deliberately mistyped the password. More than 2 hours later, the number of retries was not reset!
There's also a very minor issue with some confusing wording. The first setting is called "allowed retries," but it's actually the allowed number of attempts. The allowed number of retries would be one less. For example, the default setting is 4, which allows a total of 4 login attempts before lockout, of which only 3 are actually retries. I expected the default setting to allow 4 retries and 5 total attempts.
Could you please change "allowed retries" to "allowed attempts"? That would clear up the confusion quite nicely!
Thanks very much,