My apologies to the people in this thread. I went back through all the posts since the beginning of this thread and was reminded of a post I made 9 months ago. I stated:
Wordfence allows you to immediately lock out invalid usernames. Recently they added the feature "Prevent users registering 'admin' username if it doesn't exist" which I am glad for. However, my block list is heavy... I get hits for admin, adm, administrator, adminadmin, manager, user...
Back then, my biggest problem was that blocking invalid usernames made my block list long & cumbersome. Back then, my servers ran slower because my log files & database entries were huge. I was getting buried in email telling me of all the hack attempts.
To circumvent that problem, it was suggested that I not block IP addresses or invalid usernames for more than a few hours, instead of days. Another suggestion was to turn off the switch that sends email for all the attempts.
So, I do have "Immediately lock out invalid usernames," "Don't let WordPress reveal valid users in login errors," and "Prevent users registering 'admin' username if it doesn't exist" check marked. Now, Wordfence has "Maximum email alerts to send per hour" added where you can limit your email alerts per hour.
@sgpark Perhaps you don't mean to be or sound aggressive in your posts. But they do come across harshly. Although I appreciate your feedback and your help, nobody needs to feel like their opinion is stupid, unnecessary, or irrelevant. There are many on board here who may not know how to verbalize, in English, what they are experiencing. Of course, posting and reading posts is a two way street. The reader is also responsible for how a post is read. And, as a reader, I need a thicker skin so as to not take offense with another person's posts. So, let me apologize for seemingly frustrating you, who I assume is not a Wordfence tech support person. I originally came here for help. Not to be flamed.
@Storyman Thank you for your patience and enlightenment. However, I should have reread my previous posts before posting. I am glad that Wordfence now blocks users from choosing 'admin' for a username. I still wish there was a better way to allow users to retrieve their usernames when they typo or forget their username. But this, I believe, should be a WordPress addition...not Wordfence.