ranald

Thanks for the reply. This is exactly how it has been behaving – blocks usernames that DO NOT exist on the site – only. Does not block currently existing usernames.

This is a big disappointment. I (and the user in question) would be tremendously more secure if we could block the existing username – which was under tremendous brute force attack – thereby stopping the attack and stopping the likelihood of user’s password being guessed and used for whatever nefarious purpose intended. This would not only improve the site security, but also users security.

Username could be quickly and easily returned to use after the attack was over, none the worse for wear.

Thanks again.

I am now having a similar problem. IP’s attached to user names entered here work or not. The ones where IP’s are block are also invalid user names. The only valid username (formerly and administrator since demoted to subscriber) allows log in attempts despite being listed in Immediately block the IP of users who try to sign in as these usernames”. This rule consistently fails.