Hi, I have exactly the same issue. WP version 3.9.1 and Wordfence v5.0.7.
I have had a dozen or so invalid login attempts from using various incorrect usernames which I cannot block as it says it is whitelisted - which it is not in Wordfence options. Looks like the same issue as above. So we can't block someone using these IPs even though it's an obvious hack attempt?
Is there anything we can do?