False site lockout notifications?

I’ve downloaded free version of iThemes Security and I’ve turned on automatic lockout when someone tries to log in as “admin”. And suddenly, i’ve got 3 messages to my inbox, saying 3 IPs from around the world has been locked out because they’ve tried to log in as admin. However, I’m using plugin to hide login page and it’s very unlikely for 3 hackers to suddenly guess my very clever login adress. What’s more, Jetpack, that has it’s own anti-brute force module, and counts failed login attempts, didn’t change it’s number. So, is it a fake? I know a lot of applications that do the same, so user might think they are doing great job. Is it one of them?