in stop spammer, protection options try disabling this option:
Check credentials on all login attempts Normally the plugin checks for spammers before WordPress can try to log in a user. If you check this box, every attempt to login will be tested for a valid user. This may allow a hacker to guess your user id and password by making thousands of attempts to login. This is turned on initially to prevent you from being locked out of your own blog, but should be unchecked after you verify that the plugin does not think you are a spammer.
worked for me.
