So … we do have a sister plugin Deny All Firewall which works in conjunction with “Block wp-login”.
All “Block wp-login” does is obfuscate the login url.
With Deny All Firewall, you can lock
/wp-admin/ down so that only successful logins are able to access any files within the Dashboard.
What you are suggesting wouldn’t actually work because if you had a whitelist list of IP addresses allowed to sign in then no other IP addresses would be able to sign in anyway so there wouldn’t be a requirement for a notification email. Furthermore, most users work on dynamic IP addresses (which is why Deny All Firewall updates a user’s IP address on login and if it changes during the session).
If you really want to lock your
/wp-admin/ down to a strict set of specified static IP addresses, it could be done but you’d need to make sure that assets that are required by normal visitors (like
admin-ajax.php) are still accessible.
Let me know if I’ve not understood your requirement.
Understood, thanks for taking the time.