Those of you who run a popular website know too well about your login page getting targeted by hackers. There are plenty of plugins that can track failed login attempts and block attackers. You can also bring your own code to disguise your login page dynamically. Chameleon Login Protector has you covered. It creates a shape shifting login URL with a slung that is generated randomly.
This plugin requires form submission within up to 30 seconds. It can block fast and slow brute force too. It temporary bans 3 suspicious attempts and can purge blocked IPs automatically. Since it returns the same error for all failed attempts, it makes harder for hackers to figure out what to do to get around your security system. This script can detect distributed brute-force attempts. It catches not only bots but manual attackers.