Long story short: remove wp-login.php from you site's ftp root. No one will ever try to login again, simply because the login page (and associated functions) is not even hidden or blocked: it doesn't exist anymore! The downside is that you will have to put this file back when you want to login yourself, so only do this for micro niche niche or such sites where you won't need to login often. I just did it on an old micro niche of mine that just hangs there and that I don't touch anymore. Someone (a bot) has been trying to login on a regular basis for more than a year now. At first, I installed a plugin that was locking out ips upon failed login attempts, but today the bot came back with a load of proxies, and I received like 100 email notifications of failed login attempts in less than an hour. As I almost never need to login into this site's admin, deleting wp-login.php seemed to be the quickest and most effective solution to stop this annoying thing - even quicker and easier than installing any plugin. To secure other kind of sites where you will want to login yourself on a regular basis though, (and don't want to bother deleting and putting back a file everytime via ftp), there are many security plugin to help you such as WordPress Hide My WP which has been shared here recently and will - among other nice features - hide the login page and make it only accessible via a custom URL.