Anyone who has managed a WordPress site for a little while understands the importance of limiting login attempts and securing wp-admin pages. You can always use .htaccess and NGINX rules to limit access to various parts of your site by IP. Plugins such as WP Cerber also help. This plugin lets you limit attempts by IP address or an entire subnet class C.
The plugin logs login/out activities and monitors attempts made through login forms or XML-RPC requests. Want to create a custom login page? No problem. You can also manage black and white access lists for your visitors. WP Cerber tracks time, IP addresses and usernames for every attempt to make your life easier.
WP Cerber lets you disable XML-RPC, feeds and REST API. It is Fail2ban friendly.