This plug-in was meant as a simple wake up call to people who were otherwise not even paying attention to the login attacks on their sites. No more, no less. I could go full fledged admin panel on it, but if said site gets compromised, attackers are going to just change where the email gets sent to anyway. This is more or less a passive plug-in, and most attackers aren’t even looking for it on systems. I suspect that will change over time, but I have no intention of modifying it at this point in time, due to the fact that an option like this, requires storage in the wordpress database, and just leaves another avenue open for attack. If you get 30 or 3000 emails of login attempts, you’re not securing your site to begin with, and this plug-in, is only to alert you, not protect the login page…
https://krebsonsecurity.com/2013/04/brute-force-attacks-build-wordpress-botnet/
