Security flaw may reveal user passwords

I first thought this plugin was not working. I use another plugin to limit attempts to login using the wrong password. It greatly slows brute-force attacks and notifies me as attempts arise. When I began receiving notices about brute-force attacks using one of my administrative user profiles, I disabled the profile. But, I noticed the attempts continued for the same profile.

After testing, I realized that this plugin, Disable Users, does not present and block until a correct password is provided. Therefore, it will essentially provide an indication of when a password for a disabled user is guessed correctly.

Can this be fixed?