Brute Force Attacks
Frequent attacks on WordPress are associated with the test and error method to enter multiple combinations of usernames and passwords until a successful combination is found. This is the type of brute force attack that allows access to your page.
By default, WordPress does not restrict login attempts, so bots may use the brute force method to attack your WordPress login page. Even if a brute force attack is not successful, your server can still be destroyed as login attempts will overwhelm your device. Some hosts, particularly if you are on a shared hosting plan because of system overload, can suspend the account. While you are under brute force attack.
The solution to this is using 2Factor Authentication an industry-standard security practice that uses two-layer credentials to reduce unauthorized site login opportunities. You can include two-factor authentication to a WordPress page if you wish to add 2FA to your WordPress web site.