1. Although I changed the account locked out time to 20 min it still says wait for 30min, and by default it was 60min but still said 30min when the account was locked out.
2. It doesn’t reset the number of successful logins after a successful login.
Are you using any other plugins that do anything with Login Security or Login Protection? Most likely another plugin is overriding BPS Login Security settings.
here is the list of my plug-ins, as far as know, they should not cause any conflict I installed limit login attempts plug-in briefly but I removed it:
Akismet
BackupBuddy
BulletProof Security
Co-Authors Plus
Cookie warning
Custom Login 2.0
Duplicate Post
Gravity Forms
Gravity Forms User Registration Add-On
Jetpack by WordPress.com
Register Plus Redux
s2Member® Framework
VaultPress
WP User Avatar
You would probably want to use S2Member Login features instead of using BPS Login Security. I believe S2Member has pretty decent login security/login control. Typically you would not want to use 2 plugin features that do the exact or similar thing because it is pretty much guaranteed that they will conflict with each other if they are both trying to do the exact same thing or something very similar.
Thank you this answers my question, I did not realize S2 member had same login protection, I checked and saw where the 30min restriction was from. It was S2 member, I turned of the feature in BPS. Now everything is fine.