Hi @gostomek, thanks for reaching out!
I see you’re looking for a way to block all login attempts for the “admin” and “urokporcelany” usernames.
While Solid Security doesn’t have a way to block specific usernames, for the “admin” username, you can enable the “Automatically lockout “admin” user” setting in Security > Settings > Features > Firewall > Local Brute Force. Once the plugin detects an attempt using the “admin” username, it automatically locks out the IP, and once that IP reaches the Ban Threshold, it will add it to the ban list.
It’s also a good idea to check the details of the Site Lockouts from your Security > Logs page and trace where the attempts are coming from. If it’s due to the xmlrpc.php file being accessible, you can prevent access to it in Security > Settings > Advanced > WordPress Tweaks. If it’s due to an administrator username being known, I’d suggest creating a new account with a unique username, transferring all content, and deleting the old one.
If you receive Site Lockout notifications from Solid Security for these attempts, you can leave it to Solid Security to do its job in locking them out effectively and subsequently add them to the ban list.
I hope this helps you! Let me know if you have other questions.
