Go to Admin Tools, Web Application Firewall, Configure WAF and set "Treat failed logins as security exceptions" to No. Alternatively, if you want to stop the emails but still log these attempts and auto-block them find the "Do not send email notifications for these reasons" option and add "Login Failure" to it.
Please note that an increased number of failed login attempts DOES NOT IN ANY WAY mean that there is a vulnerability on your site. These are brute force attacks, i.e. idiots trying a large number of usernames and passwords hoping that they will guess a combination right. They will try that on every site. It does not say anything for your site or the software it's running on.
The auto IP block does work. However, you need to know how Joomla works. The login events are processed before onAfterInitialize (the earliest entry point where third party plugins can hook into). This means that a failed or successful login is processed first. Then, Joomla runs onAfterInitialize. We hook on the failed login event to record the failed login attempt. In the next millisecond Joomla runs the onAfterInitialize, we see that the IP is blocked and we block that access. Because of the order of the events the login event is ALWAYS logged, even from autoblocked or manually blacklisted IPs. There is nothing we can do about it as I have explained multiple times over the last 9 years :)
So, all good with your site. Don't worry.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!