Help with perceived security issue

Hello. I’ve been using WP for years and it still contnues to meet every need i have for the many sites i have built or maintained. One thing i’m always careful about and rather paranoid of is general security and i would appreciate your feedback.

I have one site using 6.3 and a theme from Kadence; all works fine an no issues.

For this particular site i have Wordfence installed (free) and throughout the day and every day someone / bot is attempting to log on with trying common usernames etc. (admin, sitename, etc.).

I have Wordfence configured to lock out any account after one failed logon then not enable the next attempt for 2 days. From what i can see they aren’t getting in but it’s causing hundreds of emails an the Wordfence logs fill up quite quickly. There’s no performance or stability impact that i can see.

I go through and block all of the IP’s locations (which for some reason are almost all from India or Phoenix, US.

Any tips? I want to rename wp-login / wp-admin however i have tried this on a much older version and caused some issues that meant i had to restore some of the site.