I have already set WP Security Plugin to prevent brute force by limiting login attempt max only 1 failed login. BUT, today i found that login failed record shows 347 times login attempts!!.
that`s why somebody keep trying to login via back end, and this plugin cannot help at all. How about hide login url? No, it just waste my time. Plugin only can set hide url once, but in other time i cannot hide and my single post articles gone (blank and i reset it with new httacess).

1. I enabled Login Lockdown Feature, and set Mas Login Attempt to 1. This mean, once failed will lockdown.

2. hacker`s ip failed login (95.181.178.59)

3. to know howmany exactly he attacked, i use Audit Log Viewer from WP White Security. it shows 347 times login attempts!!

so, Wp Security plugin not securing any more, it lets attacker play many times.
i hope plugin developer solve this problem.