I maintain a blog which is currently under attack. Login Security Solution has been notifying me about the failed login attempts, as its supposed to. However, I've run into an interesting situation and here's the scenario:
A hacker uses my WordPress login id in an attempt to login to WordPress. The attempts fail repeatedly. Eventually, _I_ will try to login to WordPress, using my correct password. I will be informed of the need to reset my password. Let's assume I'm able to reset the password and get logged in to WordPress ok. Cool.
Here's my question: what happens if the hacker continues to attempt to login to WordPress using my login id and incorrect passwords? I can see the hacker effectively blocking me from logging in to WordPress because I'm repeatedly having to reset my password, due to the _hacker's_ failed login attempts.
Here's another question: if a hacker attempts to login to WordPress using my id and the incorrect password, why am I eventually required to reset my password at all?