Change your login URL for something like http://example.com/login and stop login brute force attempts.
I wish wordpress didn't need a plugin for this basic feature. At least they could let me move wp-admin.
That said, this plugin doesn't change wp-admin so it doesn't provide obscurity (yes yes we all know that obscurity isn't real security). It would be nice if it did but that's probably asking for more than a simple and light solution to blocking basic scripts.
So this blocks wp-login.php and it works. Good enough, I guess. Especially if you really don't want any options at all. If it ever became popular it might lose that usefulness.