This plugin sets limit for maximum number of invalid login attempts per user. When it is exceeded, user account becomes locked and the only way to unlock it is to request new password for it. This makes brute force and dictionary attacks nearly impossible.
Plugin Homepage: User Locker
Plugin Homepage on WordPress.org: User Locker
Author Homepage: Poradnik Webmastera
Author: Daniel Frużyński
Default Wordpress installation is vulnerable to brute force and dictionary attacks, because there is no limit how many times user can use invalid password before finding the correct one. This plugin closes this security hole by introducing maximum number of invalid login attempts. When someone exceeds this number, his/her account becomes locked, and can be unlocked only by requesting new password (using Lost Password option) or asking Admin for help (he/she can do it too). This makes brute force and dictionary attacks nearly impossible.
You can also disable selected user accounts, so users will not be able to log in even if they will know password. You can use this feature to ban selected users.
user-lockerdirectory to the