Login security seems to have stopped working on one of my sites. I'm still getting 'User locked out from signing in' alerts from other sites (including one on the same web server) that use Wordfence, so there must be something specific going on with this site.
Login security was previously working on the site in question, but the last blocks logged by Wordfence were about two months ago. And I just watched traffic from one IP address as it tried the login/register/lostpassword links repeatedly for about an hour, about twice per second.
The site in question uses two security-related plugins that I don't use elsewhere: New User Approve and Registration Honeypot. I'm going to try disabling those to see if it makes any difference. I'll post my findings here.