I started using the WP plugin "Stream" and monitored my sites via RSS.
Then I looked into the plugin "WordFence". And also tried "Rename wp-login.php".
I haven't yet tried "Security-protection" but the idea is very good for right now.
What a waste of energy, and creativity, all this hacking, trying to break into accounts. People spent days, weeks, months behind their computers to invent more nonsense.
Thank you for his plugin ;-)
I think you should set the default to sending emails; this way admins get an idea that the plugin is working; then they can turn the emails off.