Login Lockdown – Temporarily locks out user by IP-range when a number of failed login attempts are detected. Prevents brute force attacks, or at least it slows them down to a near halt.

WP-reCAPTCHA – A CAPTCHA (obfuscated text) plugin that uses Carnegie Mellon University’s reCAPTCHA system as a backend. Requires free registration.

Both plugins are available through the automatic plugin installation system, so just do a search for Captcha or Lockdown and you should be able to find them.