The automated black list system (engine) will block the IP addresses of naughty visitors after a specified number of transgressions. It is best described in the blog release here: Automatically block malicious WordPress visitors by IP address
After reading the above blog article, some important points to note are:
- It is enabled by default when you install, activate, upgrade the plugin
- It is available from v4.10+ onwards
- You can turn it off by setting Transgression Limit to 0 or by turning off the Block Bad IPs/Visitors module
Note: Block Bad IPs/Visitors module also gives you the ability to manage blacklisted and whitelisted IP addresses. To find out how this IP Lists Manager works, read the article here.