Seems to work fine, but...
I have a WP site that I almost *never* need to login to (maybe a few times a year) and I was still seeing a lot of bot attempts, so I stopped using this and simply added 'exit;' after the opening PHP tag in the wp-login.php page.
This basically kills the login page dead and prevents ANY login, even legitimate ones. Yes, it's crude, but it stops 100% of ALL login attempts cold.
If I need to login, I ftp in, remark out the 'exit' command and login. Yes, it's a little bit more cumbersome but for a site that is almost never logged in to it works perfectly.