[xenospn]

If what you’re dealing with is thousands of attempted brute force attacks on a daily or weekly basis, a wordpress plugin might not be the solution.

[kijin]

Sure, but you don't know that until the attacks actually begin, and anyone can attack any site for any reason these days. Meanwhile, most people who run WordPress sites don't know how to do anything more complicated than installing a plugin. Being a developer who caters to that market has its own charms and challenges.