Limit login attempts

In brute-force attacks, attackers usually deploy bots on your WordPress login page. These bots are programmed to try out combinations of common usernames and passwords to gain access to your site. These bots can make thousands of attempts within the span of a minute, which can break your password combination easily. Hence, one way to reduce the number of brute-force attacks would be to limit the number of login attempts e.g. 5. After making 5 login attempts with the wrong credentials, the IP address will be blocked from the login page temporarily.
 
Limit Login Attempts Reloaded plugin:
Tutorial on how to use plugin: