One answer to my own question is to use the Wordfence plugin. After installing this DDOS protection plugin, look in the Wordfence dashboard and the frequency of ‘failed logins’ immediately drops off because most/all failed logins are from bots trying to hack the website. Since this plugin blocks those bots before WordPress sees the login attempt, the failed logins list in Wordfence does not show any failed login attempts after installing the DDOS protection plugin! It is a very impressive result to observe.
