Your site was being targeted by a Botnet.
We routinely ban (IP rules/htaccess) ALL traffic from almost all the former USSR states, web servers, bad hosts etc...
(I can make the list available - but note that it's very aggressive so many may find it too restrictive.)
And are always finding more bad sources - often from the WordFence alerts. Basically if someone tries to login with a fake username - that IP gets checked and quite often the host CIDR is banned, permanently.
No, wasn't a WordFence bug - was just the way WordFence works - hopefully it still works this way (I for one WANT to know when anyone tries to login, even if with a blank username) or I'll be backdating to an earlier version...
