Hi, @danvike
If you want other people to be able to login, you can’t stop bots from trying to login. You can implement some security measurments such as 2FA, I am not a robot etc, but bots will do what they know.
The fact that you get notifications about login failed attempts should not worry you. I don’t know what plugin you use for website’s securtity, but you might consider disabling emails about failed logins and enable notifications only about successful logins – that way you’ll know instantly if someone else logged in and it was not you. Failed logins and lockouts are not that important – it only means that whatever plugin you use to secure your website is working.
Bots and “bad people” will always try to hack various sites. Unless a site is very hidden with 0 visitors, on any site there are hacking attempts.
You may want to implement some (if not all) of the recommended security measures.
Hope this helps,
Kind regards
