Not blocking incorrect passwords?

What value is your “Time Length of Lockout” field set to?

Over the next 10 minutes there were about 300 further login attempts, using 2 existing userids, from the same, locked out, IP address. These show up in the plugin WP Activity’s log.

Are you referring to this plugin’s activity log or some other plugin?

If it is this plugin, then anything which shows up in the activity log means that it was a successful login event.

When the above entries were being recorded did you also check the “Currently Locked Address Ranges” table in the Login Lockdown tab to see if the IP address range was indeed still locked out?

The lockout time length is set to six hours – when I saw the 300 entries in the log, the lockout was still active. The log is provided by a plugin called WP Activity.

I can’t speak for other plugins and I’m not sure what the plugin you suggested does, but I can say that if you are not seeing any login activity logs in our plugin’s display then the IP address range is being blocked successfully.

Should these repeated attempts have triggered further lock outs?

If the lockout is still currently in effect as you are suggesting, then the plugin doesn’t need trigger another lockout.

OK, thanks. I had installed WP-Activity before finding yours, and had kept it as it can also log posts, comments etc, but really yours makes it redundant – I’ll uninstall it.