I’ve been bombarded as of late with a huge number of email alerts from my security plugin about blocked attempts to login. Fortunately, I have a decently cryptic password, the admin account is disabled and 2FA as well. So there haven’t been any successful ones, plus the plugin was banning user after 3 unsuccessful attempts. However the deluge of alerts was becoming annoying so I looked into the attacks a bit more, installed a fail2ban plugin for WordPress and disabled the xml-rpc function.
Hopefully that should quiet things down. We shall see.