See, there are many ways to hack a website, about which I do not know, but I will tell you about a plugin, so that when someone enters the password more than twice, then for 24 hours that user will have to login again. will not be allowed.
WPS Limit Login
You install and setup the WPS Limit Login plugin in your WordPress. If anyone enters wrong details in your WordPress more than twice, then he will get the option of login again only after 24 hours with the help of this plugin,