We have a complex admin username and password set. I still get on average 10 lockout emails from Loginizer every day. With the settings I have in place there are 9 attempts before the lockout email is sent, meaning 90 attempts per day.

Is my only option to password protect wp-login.php per this page in the codex or is there another solution? Trying not to confuse a client that is not completely tech savvy with too many logins.

Or am I being overly concerned about the number of notifications sent and need to relax. Just getting frustrated with the amount of time it’s taking to check they aren’t guessing the correct admin username.

FWIW, I use WordFence and have it set to lock-out an IP for 4 hours after three login attempts in 5 minutes. If someone is really persistent and comes back again and again, I lock them out a the server firewall.

I have loginizer set to lockout for 20 minutes after 3 login attempts. After 3 lockouts it extends to 72 hours and emails me.

They seem to be rotating IPs as there are no duplicates in the logs.

Thanks again!