Sent the report from one of the sites out of 6. But I have the same issue after wordfence “forgets” who I am forces me to login again after 7 or so days, on same machine/ip/browser. Yes I use /wp-admin and /admin, backdoor from host works most of the time to bypass the error, they have a /wp-admin URL which just somehow works than me just typing in the URL into the browser requires me to login after 7 or so days.
Other security plugins I use that are minor plugins in comparison to wordfence are Advanced Google reCAPTCHA and Jetpack for this 1 wordpress.
