If you are here reading this then it’s likely you are dealing with scammers/hackers and it absolutely sucks.
I hope you have a secure password and username so they don’t actually gain access otherwise you are in a whole other world of shit. But if you do have a proper password then you are probably getting 100 emails a day about the failed login attempts which are beyond annoying.
The solution is SOOO simple though, I found a plugin that masks your login URL. The reason they are so easily able to try to brute force attack your login screen is every WordPress install uses the wp-admin URL as the login screen. Change that to another URL and all your issues are gone.
WPS Hide Login is the plugin I found and it allows you to change the login URL. Just for fun it also allows you to redirect the scammers, I send them to a Rick Roll page just for shits and giggles and I have my login set to a string of characters they would never guess so I of course still have the limit login attempts and those security plugins that everyone uses but they are all but useless at this point.
Here is a link to WPS Hide Login, it is super simple to implement, totally intuitive.
https://wordpress.org/plugins/wps-hide-login/