not to sure about this

I had been using a different plug in for this same purpose, but was getting warnings from wordfence that it was no longer being supported, so I switched to this plugin. After 2 weeks of using this, I have had 2 attempts to log in, meaning somehow, someone now knows my admin slug???? I NEVER had anyone ever get locked out of the old plugin, but now have had it happen twice. If this worked like it was supposed to, they would have never gotten to the login screen right? OR, someone now knows what my admin slug is to get to the login page. Funny that the IP address that showed on wordfence as being locked out was in India.