If you see Server log entries that show another ip address that is not your ip address that is accessing anything in your /wp-admin/ folder/WordPress Dashboard backend then most likely a hacker Shell script was uploaded somewhere in your hosting account. a hacker Shell script is similar to a WordPress Dashboard, but a hacker Shell script is much more powerful and has the capability to access the /wp-admin/ folder on all of your sites under your entire hosting account. hacker Shell scripts can access all of your WordPress databases under your entire hosting account. Basically a hacker Shell script is like a web host control panel for your entire hosting account.
BPS Login Security & Monitoring has the option to log all logins, but if a hacker did login and they knew that the login was logged by BPS then they would just delete that logged login. If a hacker Shell script was used then they would not need to login to any of your WordPress sites. A hacker Shell script gives the hacker full control of your entire hosting account.