We recommend that all WordPress clients should use the Wordfence Security plugin. There is a Free or Premium version but for smaller non-mission-critical websites, the free version provides adequate support. Please feel free to upgrade for you peace of mind.

Wordfence Free includes:

• an endpoint firewall - Identify and block malicious attackers targeting WordPress.
• a malware scanner - Vulnerability alerts, file modifications etc
• login security - Two-factor authentication, rate limiting, brute force protection,

It is, however, essential that Wordfence is installed correctly. Please read more about the installation procedure here.

How to block unknown login attempts

• Go to Wordfence in the WordPress dashboard
• Live Traffic  >  Traffic logging mode: Security-related traffic only. Login and firewall activity will appear below.
• If you click on a country on the list - it creates a dropdown  >  Activity Detail
• Then look for BLOCK IP - click it.
• Then go to Blocking option on Wordfence
• Here you will now see the entries of IPs you have blocked.
• Check/tick the IPs and "MAKE PERMANENT"