@Alergic, you may consider using the fully qualified URL including the protocol http:// at the beginning. Although I originally reported that it was not working, then I realized that WordFence was blocking the intruder after the second attempt. There may be a technical reason for the first hit not being blocked, or it may be an oversight.
Cemal