Thanks, I don't have that function in any of my files or content.
Thanks for your input. Now I know it can't be prevented totally. I would like to add a security step something like "if X number of failed attempts, block that IP for Y minutes etc." but I have no idea how to do that.