Plugin: Login Lock Down
This plugin will automatically block IP addresses when multiple failed login attempts are detected. By default the plugin locks an IP for an hour after 3 failed attempts, but this can be changed in the Options panel. Admins have access to release the blocked IP addresses as and when required.
Use can also use .htaccess to manually restrict login to specific IPs or IP ranges.