New in version 2.1.0.
Changed in version 4.0.0: Now also blocks enumeration via the REST API.
Brute-forcing WP requires knowing a valid username. Unfortunately, WP makes this all but trivial.
Based on a suggestion from @geeklol and a plugin by @ROIBOT, WPf2b can now block user enumeration attempts. Just add the following to