When we transitioned over to WPMU Dev subscription we replaced WordFence on our sites with Defender.
One of the features they had which we cannot find in Defender is the ability to immediately timeout or block a user but the username they attempt to hack the site with. ie ‘admin’ or ‘user’ as we would never have these on our sites any attempt to use it is a malicious attempt to probe an unsecured system.
Over time we have managed to build a list of the most common attempts which hackers try so the ability to import and export this list is also very useful.
Whilst blocking by IP is good it is also easy to sidestep so this extra facility to block by username reduces the need to micromanage or investigate any intrusion attempts. A flat-out block on a user tends to make the 'have a go hero' get bored very easily and wander off that much more quickly.