Sometimes you need to add an extra protection to password-protected website. This plugin access to the login page can be restricted after some unsuccessful login attempts. This schema uses visitors IP address to store log attempts in the database and block access to login feature for some minutes after some unsuccessful attempt.
There are a number of reasons to restrict access. One reason is security. Quite often users try to guess login and password combination to get unauthorized access to the system. Another reason is extra load on server.
Limit rate of login attempts and block IP temporarily. It is protecting from brute force attacks.
Go to Dashboard->WP User ->Security
1) Click on ‘Enable Limit Login Attempts Setting’ check box and set attempt and Lockout count
2) Click on ‘Update’ for Save setting