Plugin: Limit Login Attempts
By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease. This plugin limits the number of logins for users.
Limit the number of retry attempts when logging in (for each IP). Fully customizable
(WordPress 2.7+) Limit the number of attempts to log in using auth cookies in same way
Informs user about remaining retries or lockout time on login page
Optional logging, optional email notification
Handles server behind reverse proxy