Common WordPress attack is Brute Force Attack. Brute Force Attack aims at being the simplest kind of method to gain access to a site: it tries usernames and passwords, over and over again, until it gets in. This plugin limit rate of login attempts and block ip temporarily. It is detecting bots by captcha verification.
You can overcome Brute Force Attack attack by installing “wp-limit-login-attempts” plugin.
- Download and extract plugin files to a wp-content/plugin directory.
- Activate the plugin through the WordPress admin interface.
- Done !
Now you can check performance, So logout from your admin and try to login .
Download link : https://wordpress.org/plugins/wp-limit-login-attempts/