The feature you have requested exists since 2010 and, in fact, predates the "treat failed logins as security exceptions" feature you were asking about :)
There are three distinct features:
- Email on failed administrator login
- Email on successful administrator login
- Treat failed logins as security exceptions
The first two only apply to logins made in the backend (administrator) of the site. I recommend having both enabled as it helps you understand who is logging in or failing to. If you see many failed backend login attempts I very strongly recommend using the administrator password protection feature (uses the least resources; requires an Apache or Lightspeed web server) or the administrator secret URL parameter feature (uses more resources; works on any kind of web server). Moreover, you should use a second factor authentication solution e.g. the one offered with Joomla! or Akeeba LoginGuard. Both solutions were written by yours truly, seven years apart, and both are free of charge.
The latter option is what you have enabled but it only really applies to the failed frontend logins. You can safely disable this feature. It only really makes sense when you have a very small set of users who can login in the frontend. Think about company sites with something like 5-10 users in total. The idea is that lots of failed logins at a small period of time are a strong indication that someone's trying to brute force a frontend admin login therefore we should block them. The only way to do that is by treating the failed logins as security exceptions so they count towards the IP autoblock threshold.
Nicholas K. Dionysopoulos
Lead Developer and Director
π¬π·Greek: native π¬π§English: excellent π«π·French: basic β’ π My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!