Hi!
I've had a couple times in a couple last days had some problems with some sort of single-IP brute force attacks. In Login Security Options I have:
Lock out after how many login failures: 5
Lock out after how many forgot password attempts: 5
Count failures over what time period: 10min
Amount of time a user is locked out: 30min
and the following are also checked:
Prevent users registering 'admin' username if it doesn't exist
Prevent discovery of usernames through '?/author=N' scans
I got alerted about blocked IP that was trying to login as user "admin" but when I check my access_log, the same IP has tried login 200 times over 20minutes (post to wp-login.php).
Why isn't that blocked much earlier?
Just noticed that there's an update for Wordfence plugin (and updated immediately) so this has happend with the version previous to 5.2.6.
I'm using free version of wordfence