For WordPress: Login Lockdown Plugin
# Install "Login Lockdown" or "Limit Login Attempts Reloaded"For System-wide: Using pam_tally2
sudo nano /etc/pam.d/sshd
auth required pam_tally2.so deny=5 unlock_time=600For Web Applications: Custom Rate Limiting (Nginx)
limit_req_zone $binary_remote_addr zone=login:10m rate=1r/m;
location /login {
limit_req zone=login burst=2 nodelay;
proxy_pass http://backend;
}