If there is no security software on your server to protect your web site, then you should consider some WordPress security plugins. As shown in the picture above, this is a security plugin called "WP Cerber", which you can search and download from the plugin store (dog icon).
WP Cerber doesn't have many features, but it is very practical. It has the most common security feature of "locking IP after too many login errors". In the past, the Limit Login Attempts plugin could only prevent real users from logging into the backend and locking their IP, but it couldn't lock the attacks from other brute force tools, such as post and get login methods, as well as XML. So I highly recommend WP Cerber.
In addition to locking IP, it also has other features, such as protection against simple web vulnerabilities. It also has detailed information about visitors, such as which page they are on, what browser they are using, and what IP they have. This function is equivalent to website statistics.
Second Recommendation#
I highly recommend this plugin to be used in conjunction with Cerber, as it can make your site almost invincible. Its name is Wordfence Security. This plugin has complete features and powerful firewall settings, which can prevent many types of web vulnerability attacks. It can also scan your entire WordPress site to find malware, backdoors, vulnerabilities, and other harmful codes.
There are many protection features and various settings, all in English. If you don't understand them, you can use the browser's right-click translation feature, which is very easy to understand.
Plugin recommendations in this article: WP Cerber and Wordfence Security