Of course, there are many ways to defend against such tactics.
Wordpress blogs are often brute-forced.
But you can deploy mod_sec to stop this.
LiteSpeed has a built-in mechanism in the latest version to stop this.
BitNinja also stops this in its tracks.
CloudLinux Immunity 360 would also stop this.
We have other algorithms that spot this stuff and block users,
Of course, the WAFs stop many brute force attacks, not just WordPress.
High Performance, Low Contention, Hosting
Elastic Sites (HIgh Powered Hosting Accounts) with 1 to 20 CPU Cores, 4 to 42GB of RAM. (Power of a VPS without the hassle)
Shared, Reseller, VPS, Dedicated & More available