So I discovered today the following:
A person had been trying to Brute force the login page on my site. bwps stepped in and locked them out after 5 attemps and after few hours of this bwps perma banned the ip as a repeat offender.
To my surprise the lockout notices kept coming for the same ip address but its supposed to be banned.... through some testing I found that when wpbs bans someone the way it writes the rules it doesn't ban them from using the post method.
Note*: the login limits do temp ban the ip for excessive bad login attempts...but thats only temporary.