I received today a lot of email warnings from WP-Cerber saying that “The number of lockouts is increasing”. The emails say that the reason for the lockout is that someone tried to log into my site using the “admin” username, which doesn’t exist.
Here is the problem, though: I have set up a custom login URL (using precisely WP-Cerber), and I’m positive that I didn’t share it with anyone. Therefore, I’d like to know when do these lockouts and warnings get triggered: is it when someone tries to log in using my custom URL? Or do they get triggered too if someone tries to log in using the standard
/wp-admin/ address? Because in the first case, it would mean that someone guessed my custom URL, but I find that impossible.