So I just got my first limit login attempts email, and an IP address from Italy has been trying to get into my account for the past two days. There have been 7 lockouts in the past two days. (4 attempts per lockout X 7 lockets = 28 attempts)
The usernames they have tried are not my usernames, and the plugin seems to be doing its job just fine. Should I do anything more at this point? Or just turn off notifications so I have don’t know what is happening and trust the plugin.