I do not understand what you mean by “blocking fail login attempt”. Because if an attempt failed, there is no need to block it 🙂
If you are referring to brute-force attacks, it depends on your configuration:
-If you selected “Yes, if under attack”, the firewall will log the beginning of the attack only (if there are 3,000 attempts, it will block them but won’t write them all to the log). It look like this:
11/Apr/17 01:09:16 #1663590 critical - 199.15.233.176 POST /wp-login.php - Brute-force attack detected on wp-login.php - [enabling HTTP authentication for 5mn] - domain.com
-If you selected “Always ON”, there is no way to know because all requests are blocked.
