I'm running 27 blogs all with Better WP Security installed. I am using Hide Backend and Away Mode on all of them, but I still get failed login attempts all day long.
My Away Mode settings only allow me to access the backend from 9pm-10pm daily, but I still get 100's of failed login notifications all throughout the day. How are these people accessing my login page when I the owner cannot even make an attempt to login to my sites?
I've confirmed the logout page (domain/wp-login.php?action=logout) is still visible when both features are active, however when Away Mode is enabled clicking "logout" takes you back to the homepage, not the login screen.
Where/how are they finding a login page with Away Mode enabled?