Wordfence allows you to immediately lock out invalid usernames. Recently the added the feature "Prevent users registering 'admin' username if it doesn't exist" which I am glad for. However, my block list is heavy... I get hits for admin, adm, administrator, adminadmin, manager, user, ... When a brute force attack comes across my sites, just blocking invalid usernames makes the block list long and cumbersome. I wish I could get the User-Agent function to work... However, for now I block all these invalid user names for 2 days and then release them. If, during those 2 days, I'm constantly attacked by a temporarily blocked IP address, (it shows you how many times a blocked IP attempts to break in whilst blocked) then I block them permanently.
Typically, if one of my sites is attacked, then the rest will also get attacked because most of my sites are on the same server. So by
letting your host know where most of the attacks are coming from allows your host to block out a country either temporarily or on a more permanent basis. This helped me last week when I was attacked by Ukraine, Federation of Russia, Romania, Iran and China.
Today is a far different list.