Joomla Login LockDown
Login LockDown is a plugin that limits the number of login attempts from a given IP range within a certain time period. This plugin will record the IP address and timestamp the number of failed login attempts. If the system detects more than a number of login attempts within a short period of time from the same IP range then the login system is disabled for all requests from that IP range.
Login LockDown plugin defaults 1-hour lockout of an IP block after 3 failed login attempts within 5 minutes. Login LockDown plugin is easy to install and use, you can customize from the Options panel.