Yesterday and last night, someone was trying to login to one of my sites repeatedly. They were using a nonexistent user name for each of these attempts.
Normally, his happens every once in a while (not repeatedly as it was yesterday) and I'll get notified via email and then go and manually block the IP.
In the case of this attack(?) I just couldn't keep up. I was literally getting like 40 email notifications at once. This morning I had over 100 waiting in my inbox.
Thankfully it has stopped, but I had a question about Wordfence functionality. It's my understanding that failed login IPs are not blocked automatically, something that would have been really handy in this instance, although they are locked out based on my settings. On this site, someone is locked out for 6 hours after 5 failed attempts.
I'm wondering if there's a way to automatically block the IPs, so I can just be sure I don't have to worry about these particular IPs again?