It could be that the Stop Spammers plugin is seeing the admin login attempt and adding it to the bad cache, but that was only a probe. It might have gained entry another way.
The same ip that is hitting the admin login could be hitting some plugin with a problem. These come in spurts of a half a dozen attempts at a time.
There are some plugins with holes in them that let spammers in.
Robots are hitting the following on my sites, looking for plugins with exploits:
auto-attachments/a-a.css
category-grid-view-gallery/cat_grid.php
cimy-user-extra-fields/README_OFFICIAL.txt
ckeditor-for-wordpress/ckeditor.config.js
contact-form-7/license.txt
fcchat/default.png
font-uploader/font-uploader-free.php
front-end-upload/destination.php
gallery-plugin/gallery-plugin.php
mac-dock-gallery/bugslist.txt
/magic-fields/MF_Constant.php
nextgen-gallery/changelog.txt
nmedia-user-file-uploader/readme.txt
resume-submissions-job-postings/installer.php
user-avatar/readme.txt
user-meta/readme.txt
user-photo/admin.css
wp-e-commerce/license.txt
wp-filemanager/fm.php
wp-homepage-slideshow/functions.php
wp-image-news-slider/functions.php
wp-property/action_hooks.php
wpmarketplace/readme.txt
wpstorecart/lgpl.txt
zingiri-web-shop/admin.css
scripts_ralcr/filesystem/writeToFile.php
scripts_ralcr/filesystem/writeToFile.php
These are only the ones who repeatedly hit my site. I have a little plugin that adds the ip address to my htaccess file so they can’t come back.
If you have any of these files, it could be that you need to remove the plugin or upgrade it to a version without the problem, if it has been fixed.
