Hi, did you also enabled Login Whitelist feature in Brute Force?
Follow the instructions below.
– Use cPanel file manager (or FTP) and temporarily rename this plugin’s folder. Rename the plugins folder name from all-in-one-wp-security-and-firewall to tmp-all-in-one-wp-security-and-firewall. This process automatically disables the plugin in your site. (Note: If you still can’t log into your site, make sure you have cleared the plugins entries from the .htaccess file.)
– FTP the .htaccess file from your site to your computer and edit and remove all the code between and including the following tags: Make sure you upload the .htaccess file back into the same location you downloaded the file from via FTP.
# BEGIN All In One WP Security
# END All In One WP Security
Let me know how you go.
Thank you