This plugin checks for common user names that don’t exist in the users table. If the submitted user name meets settings criteria the IP will be blocked from the site.
The plugin also has the ability to stop author enumeration by bots.
Recommended Settings
There are two different ways to protect your site from user name brute force attacks. The more strict way is to immediately block an IP that attempts to login with a non-existent user name. This can possibly cause issues with websites that have many users or users that may not login very often and forget their user name. It’s most useful for one-person websites.
The less strict way is to have a black list of user names that only a bot would try like “admin” and user nicenames that aren’t logins.
The “Stop Enumeration” setting redirects all attempts to ?author={ID} to the home page of your site. This will stop bots from incrementing through your users and discovering user nicenames.