blocking wp-login.php.

First of all, the plugin handles quite well all brute force attacks even with default settings. So, you can rely on it.
Put that username on the list of Prohibited usernames (Users tab) and forget about that forever.

Hi! How is it going?

Hi makemake,
The whitelist overrides the blacklist. When you set it up, Cerber automatically whitelists your IP adddress range. That means you COULD get attackers from your ISP, but that’s a small slice of the whole world. IMHO, it makes sense to disable the “admin” and “administrator” accounts, because they’re an obvious attack vector. Change your admin name to ‘your own Name plus some nonsense’ like George554, to reduce that vulnerability.

Read ArsTechnica’s articles on cracking.

And use a password manager (KeePass) and strong passwords https://makemeapassword.org/generate/ReadablePassphrase

If they’re attacking wp-admin, then yes, using the IP blacklist will help, as will blacklisting ISPs that use the forbidden “admin” or “administrator” user names.

As does having a 100+ bit password (https://dl.dropboxusercontent.com/u/209/zxcvbn/test/index.html)
It’s called a layered defense.

For a serious project, you might want to use a mobile notification on any admin account login: https://wpcerber.com/wordpress-mobile-and-browser-notifications-pushbullet/