Thanks for your plugin and nice interface, I have a query I have enabled hide backend with custom login slug and security key. Also I have limit login attempt to 3 per host , 5 per user. Also I am using Google authenticator plugin to log on my site.
But I surprise in Logs I have seen daily 200-300 bad login attempt with user admin ( There is no user with admin). How these guys able to access login screen without knowing login slug and secret key. From where they get to know about secret key.
Where is the vulnerability so that I can correct them, I am not having too much of coding knowledge but I can correct them if I found the cause.
Thanks in advance.