Nginx Rate Limiting
Nginx web server support rate-limiting with module ngx_http_limit_req_module.
Block WordPress wp-login.php attack
To block the WordPress wp-login.php attack, add the following to http section of your nginx.conf file.
limit_req_zone $binary_remote_addr zone=WPRATELIMIT:10m rate=2r/s; limit_req_status 429;
2r/2 = Lmit 2 requests per second.
Inside server entry for the website, add
location ~ \wp-login.php$ { limit_req zone=WPRATELIMIT; include snippets/fastcgi-php.conf; }