I think it will be better to ask for solving reCaptcha on Login forms after x number of failed login attempts instead of banning the login for a few minutes. Isn't it a good option? Something Like this: x failed login attempts ------> Ask to Solve reCaptcha -------> Allow another x login attempts (still failed to login) --------> block login for y minutes. What does "ReCaptcha Theme for Login Page" does? I find it her: /amember/admin-setup/loginpage? May be I have missed something!