Both Limit Login Attempts Reloaded free and paid versions are fully GDPR compliant according to the Article 6 (1)f of General Data Protection Regulation.
An explicit consent is not required when processing personal data in a matter of security, which is always the case with Limit Login Attempts Reloaded WordPress plugin. A security message on the login page is placed to provide more information to the visitors.
Limit Login Attempts Reloaded is also not required to provide any information to anonymous contacts who refuse to identify themselves or don’t submit requested identification.