I survived the last big series of attacks with about 1 per second for a period of 11 hours. Since then I have paid more attention to the settings in the Options. I was confused by the two different Save actions.
If you change the settings in the lower half of the page e.g. select Scan theme files and plugin files against repository versions for changes and save the change the Basic Options Security Level to High it removes the above scan items. If you then reselect the scan items it and save, the Security Level is changed to Custom Settings, but this does not indicate what Security Level is being used. Does it retain the high security level?
I have two sites on the same server. On is listing locked-out Ips the other is not. I am only getting a few attempts to log in per day so I am manally blocking the unlisted IPs to be sure. One interesting attempt was:
A user with IP address 71.40.109.175 has been locked out from the signing in or using the password recovery form for the following reason: Exceeded the maximum number of login failures which is: 10. The last username they tried to sign in with was: 'admin'
User IP: 71.40.109.175
User hostname: 175.109.40.71.gvodatacenter.comNote the mirror image IPs! Any significance?