Installed this plugin while my site was brute force login attacked to thwart the bots. The bots were trying the user names "admin", "test" and <mydomianname> without the .com and originating from IP addresses worldwide at 10 to 15 attempts per minute. Luckily I don't use any of those weak logins and have very long random passwords.
The plugin is small, uncomplicated to use and there's no bypassing it. The failed login redirect is nice to send traffic back to the bots and tie up their bandwidth.