The automated black list system (engine) will block the IP addresses of naughty visitors after a specified number of transgressions. It is best described in the blog release here: Automatically block malicious WordPress visitors by IP address


After reading the above blog article, some important points to note are:

  • It is enabled by default when you install, activate, upgrade the plugin
  • It is available from v4.10+ onwards
  • You can turn it off by setting Transgression Limit to 0 or by turning off the IP Manager module


Note: IP Manager module also gives you the ability to manage blacklisted and whitelisted IP addresses. To find out how this IP Lists Manager works, read the article here.