For brute force attack, clients are recommended to take action.
If necessary, you may install Login LockDown plugin.
For Managed Hosting customers, you may request us to set restrictions to IP addresses or set basic authentication to the WordPress login screen with configuration changes on the server side.
We will set this upon your request. Please contact us, as managed hosting customers do not have access to this.
Self-hosting clients must take necessary actions by themselves.