This plugin sets limit for maximum number of invalid login attempts per user. When it is exceeded, user account becomes locked and the only way to unlock it is to request new password for it. This makes brute force and dictionary attacks nearly impossible.
Plugin Homepage: User Locker
Plugin Homepage on WordPress.org: User Locker
Author Homepage: Poradnik Webmastera
Author: Daniel Frużyński
Default Wordpress installation is vulnerable to brute force and dictionary attacks, because there is no limit how many times user can use invalid password before finding the correct one. This plugin closes this security hole by introducing maximum number of invalid login attempts. When someone exceeds this number, his/her account becomes locked, and can be unlocked only by requesting new password (using Lost Password option). This makes brute force and dictionary attacks nearly impossible.
user-locker directory to the /wp-content/plugins/ directory1.0