This is done with another plugin:

All In One WP Security & Firewall

by Tips and Tricks HQ, Peter, Ruhul, Ivy

It has a wonderful set of all sorts of security features. Go to the plugin homepage for more information and details.

I have only activated 4 features:

1. I changed the default admin login username to something different. Thus making it harder for potential attacks to get the first half of the access details by guessing.
2. I am locking them out if they use a wrong username. So to reduce the opportunity to get in.
3. I locked down the login. So after 3 wrong login attempts (with the existing username) the IP address is locked out for a long time. Thus slowing down any brute force attacks.
4. I require Captcha (from the Brute Force section) for all logins. This makes Brute force and script kiddy attempts a thing of the past, because they need to solve a simple calculation (eg. 1+2=)

All other options are well documented in the plugin.

Well done 5 Stars from me.