If a login fails or is spurious (''e.g.'', Wikimedia suspects it was not by the right user) and Wikimedia sends an email to the login user, the user should know immediately and, if the user does not see the email immediately, at least the user should see a date-time stamp that is within a minute of when the login was attempted. There seems to be no other way to find out the date and time of the attempt, ''e.g.'', no log to check later. Please send the email right away, even if other kinds of emails go out less often or not at all.
Less-frequent emails may be more efficient for other purposes for some users. If I start work and check my email, I don't need 6 emails when one (with the same info) will do. But security is in the mutual interest of both Wikimedia and a user. If someone has cracked a user's security and starts hijacking, both the user and Wikimedia will want the damage limited and the cracker caught and neutralized as fast as possible. And immediacy may prevent any ground for worry; if I know that I logged in at the moment the email went out, then I likely don't have to ask Wikimedia to help me straighten anything out, which Wikimedia might want to do when bad things happen to good people. With immediate notice, we'd all have less work and more assurance of security.
This is vastly preferable to telling me that an event happened merely "recently". That's the practice so far. That's too vague.
Immediacy for security can be a default setting so a user can opt out. Even if a user has generally requested that emails be sent only daily or less often, security should override that nonsecurity setting.