I had faith on this plugin after reading all the good reviews.
Unfortunately, that wasn´t my experience.
After installing and playing with the settings, it locked me out from the site. It didn´t recognize/accept my valid username and password when login, and it just didn´t let me into the admin area (using the right credentials!). God knows which setting was to blame for this (or maybe it wasn´t a setting, maybe it was a bug).
I thought ok, being locked out of your own site is kind of normal with security plugins. Maybe it was a bad setting...
However, the problem is that I never could restore normal functionality after it logged my out.
I tried everything. I erased the code in htaccess...nothing. I replaced the htaccess with the original...nothing.
I had to change the plugin name via FTP to deactivate it and regain access to my site. Once inside I never could make it to work again. When I restored the original name via FTP and try to activate it, I get an error: plugin doesn´t exist.
I tried several times but never could go back into the settings area to change whatever was giving me problems. I finally gave up.
After deactivating and deleting, it really doesn´t cleans itself and uninstalls properly. It leaves behind stuff in the wp-content and tables in the database (this is a double edge sword, because it is also good to leave it untouched).
I didn´t really want to erase manually, so I had to wipe off my whole site and restored a clean backup.
Sadly, this plugin didn´t work for me :(
I think it´s still buggy and needs more testing.
It seems promising, but it´s not there yet.