Even still, default login attempts are set at 20. I've had a lot of recent bruteforce attacks, and set that delimiter to 5. On top of that, I try changing the wp-login location with 'rename wp-login'[1], and set it to something like http://www.site.com/hello . Doesn't stop everyone, but helps cut down attempts.