Yes, you can do one or more of these three things:
Add a Firewall: There are many companies out there that offer this service, modesty aside Sucuri has one of the best “Web Application Firewall” in the market and I highly recommend it. I encourage you to learn more about the Sucuri CloudProxy WAF it is worth the money.
Block IP Address: You can do this with a firewall too but in case that you can not afford to buy a full-featured service, and do not have access to control the “IP Tables” of your server, one of the easiest ways to block an IP address is using the “Access File” also known as “.htaccess” to do something similar to this:
order allow,deny
deny from 255.0.0.0
deny from 123.45.6.
allow from all
Limit Login Attempts: This only helps if you want to deal with Password Guessing Attacks, if this is your case then installing a plugin to limit the number of attempts per hour may help to reduce the quantity of failed authentication alerts. WordPress has a list of recommended plugins here.
Add a Captcha: This as the previous option only helps to deal with “Password Guessing Attacks”, adding a captcha in the login page of the website will do the same effect that adding a limit to the login attempts per hour, the only difference is that this will only stops automated scripts (aka. spambots) and will allow Click Farms to continue the attacks.
So in conclusion, the best you can do to stop these attacks is to add a firewall between your visitors and your website. This will not only help you to get rid of the un-wanted failed login alerts but also will increase the protection of your business.
Thanks for all the great tips! I’m looking into them right now.
thanks again.
