Blocking Brute Force Same Login - Different IPs

[consultant]

I have a Wordpress site that uses a different admin login username. Somehow the new username got broadcast to whatever hackers get their "known" usernames for a site from as now I can see in my Wordpress logs there are frequent failed logins for this username from different IP addresses. I believe all brute force attacks have to be based on detecting login attempts from the same IP address and blocking the IP. Is it possible in CSF to create some sort of rule that immediately blocks an IP if it tries to login as the old admin username. The user is since deleted so I guess as a practical matter one could argue, who cares if they are trying to login to a deleted user account, but it bugs me seeing all the entries in the log.

I know my security plugin in Wordpress has a local brute force option and even has an option to block anyone that tries to login as 'admin' but I have it turned off because I run multiple Wordpress site and I prefer to handle security at the server level.

[BallyBasic79]

I just posted a custom rule for this in the Custom REGEX rules for CSF thread:

Weeding Out WP Whackers

HTH