Have you ever forgotten your password and tried to login multiple times to your bank account.
After 3 failed attempts a message comes like “Your exceeded your login attempts. Please try later or contact our account reps”
Brute Force Attacks or multiple failed login attempts are sometimes used by malicious users to gain access to your account. Most major installations protect against it this way.
There is a plugin by Michael VanDeMar, that I strongly recommend you to download.
It will secure your your WordPress installation in the same fashion.
This plugin will record the IP address and timestamp of every failed login attempt.
Currently it defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes.
The great thing about this plugin is that it comes with an admin interface, where you can configure all these timings in any way you like. ( see below default values)
To download or see more click here.