I have a single website with several URLs pointing to the single Wordpress instance on my own server. I have set up 301 rules for the secondary URLs and have also enabled Bot protection in the Firewall.
I am still getting a lot of hits reported in Loginizer for /wp-login.php
If I have a 301 rule set up, how is the login on the secondary URL being reached? Also, the attackers’ IP addresses are all Cloudflare ones, so presumably this attack will eventually prevent anyone from logging in?