unauthorized login

Well… assuming you have static IPs, is their IP address different than yours? If so, then you can block their IP without impacting yours.
However, if you have dynamically assigned IPs, then this will not work.

If they shouldn’t be logging in, can you simply delete their user account?
But if they’re able to log in without a valid user account, then your site has likely been hacked and you need to take measures to remove the intrusion.

(Note: I’m just a fellow Wordfence user, and not a part of Wordfence support…)

• This reply was modified 8 years ago by bluebearmedia.

They’re using a valid user name, even though I changed it recently.
I’ll check on my IP, but isn’t even a dynamic IP related to your location? This person is in another city.

Blocking IPs will only work in context when the person doing the intruding is using a static IP address. Otherwise, while you can block them that first time, the next time they try they might be on a different IP address and so the block won’t apply.

But if they’re using a valid WordPress account, and they should no longer have login access, delete their WordPress account from the User list (or change their password.)

If you want to stop them from completely accessing the site at all (not just not being able to log in, but also can’t reach the site), then you not only have to disable/delete their WordPress user account, you also would have to find something unique about their access (IP address, or other communication protocol) in order to trigger a block that applies to them.

But from the little you’ve described it sounds like all you need to do is disable their WordPress account for your site!