Thanks mate,
When I went to install the plugin you suggested, I checked another one that seemed to include its features + some and ended up installing the alternative -
All In One WP Security.
I haven't activated all its features yet. One of them - locking up login on failed attempts - has given some results I'm now trying to make sense ~ someone here hopefully would have a better clue than a newbie like me.
A sample summary of the results is in the attached file ~ what are these organisations trying to log into my backend for?
Or are there crooks using them as a channel to do no goods?