Number one has to be….
Make sure you have the latest version of WordPress installed.
- You must also use a good password, upper and lower case letters, numbers and punctuation characters. Do no use any dictionary words unless they are Klingon (The 1st Dynasty Dialect)
- Avoid plugins if possible, they slow your site down and some can have security issues.
- Make sure Plugins and Themes are up to date.
See also
https://www.fabbro.uk/how-do-i-stop-so-many-hits-for-wp-login-php/
https://www.fabbro.uk/wordpress-xmlrpc-php-high-number-of-hits-in-the-log/