Prevent Login attempts on WP admin login

Hello,
I keep seeing failed login attempts on my wp-admin page. Is there any way, we can limit the attempts via Apis CP, like it does with ftp/ssh etc login attempts?
Can the same be applied via Apis somehow?

I checked discord & the forums, could not find many relevant topics about this.

Would be glad if any kind of info on this can be obtained.

Cheers!

Yes you can. Read here:

Thank you for this info.

I checked , and

cpcmd config:set apache.evasive-wordpress-filter true

was already set to true. And I still had those brute force attempts to WP-admin login page. I will observe for a few more days.

Could there be something missing?

How often do you see it? Post a snippet of the log where you see the attempts.

<Files "wp-login.php">
    <If "%{REQUEST_METHOD} != 'POST'">
        DOSEnabled off
    </If>
    DOSPageCount 3
    DOSPageInterval 2
</Files>

Bear in mind this only occurs when a POST request is made (not GET). Moreover 3 or more requests must occur in a 2 second interval. If a page load takes 750 ms to load, then 3 requests would complete in 2.25 seconds, more than the threshold.

Moreover, at a rate of 1 request per 750 ms then an attacker could attempt 115,200 combinations per day. At a rate of 115,200 requests per day to permute an entire space of 6 characters in a-zA-Z0-9, it would take 6^62/115200 1.5 x 10^43 days to attempt; in other words it may be additional noise in the log but not a reasonable threat.