Answer:
Note: Nayem’s hosting account was hacked with the .bt hack prior to installing BPS Pro. The .bt hack is a very simple hack to clean up/remove. The hosting account hack clean up took around 1.5 hours for base hosting account hack clean up + 3 websites.
The IP address is for a known Swedish Spammer that leaves comment spam > https://www.projecthoneypot.org/ip_62.102.148.162
WordPress exposes usernames on the frontend of the WordPress site. So comment spammers use automated bots to automatically attempt to login to a website using the exposed usernames/account names.
BPS Pro Login Security locks failed login attempts after X number of failed login attempts when hackers and spammers attempt Brute Force password guessing attacks.
You can create an additional Administrator user account that is just used to login to your site. If you never post anything on your website using that additional Administrator user account then the username/account will not be exposed on the frontend of your website.
https://forum.ait-pro.com/forums/topic/login-security-email-alert-a-user-account-has-been-locked/