Thanks for your suggestions. Very useful.
I now have a plugin that blocks “them” from getting access to wp-login after 3 attempts.
It has not stopped them running a program that keeps trying.
I’ll see if any of the other plugins mentioned above will help with that.
