Channel: WordPress.org Forums » [Wordfence Security - Firewall, Malware Scan, and Login Security] Support

Storyman on "[Plugin: Wordfence Security] Block IPs of all 'admin' logins"


What if an admin has to make an urgent update and mistypes her username?

Haven't you whitelisted your admin's IP address? If you do, you'll notice that it bypasses ALL rules intended to stop hackers.

As for legit users that can't manage their username/password information and get locked out you have a choice of either making the lockout period something along the lines of what Google uses (unless they've changed it)--three attempts, then a 24-hour lockout. I'd rather be gentler and kinder and after three bites at the apple lock them out for 1-3 hours. You're not an incompetent user's mother and required to clean up after them for every mistake they make. Besides, without some consequence to keeping track of their username/password they will never learn to modify their behavior.

As for immediately locking out attacks on "admin." That I can get on board for implementing. As for the banned users what if you block their IPs permanently when you ban them? You shouldn't have any trouble finding those IPs if you look at the login list.

You're going to have to find a balance to address your needs to cater to incompetent users and the need to prevent hackers from attempting to login to your site without making Wordfence bloated--don't know if you've noticed that Wordfence creates as many database tables as a WordPress installation. Not a terrible thing in itself, but it does increase DB calls, which can have an impact on your site's performance.

