I renamed wp-login.php to something entirely different with a different extension. I left it like that for at least a week. I keep getting spammed with notifications of failed login attempts.
Today I renamed the file to the original, logged-in immediately and saw on the dashboard that I had 5 failed login attempts today.
So, this is quite concerning and I have decided to uninstall the plug-in. It feels like the vendor is using fear tactics to sell.
Unless somebody can explain how bots going after known entry points can attempt a login that would get detected by this plugin even when the entry point is no longer available, I’m certainly not going to recommend this plugin.
