@narayanprusty, have you tried 2 step authentication like Google Authenticator for WordPress ( https://wordpress.org/plugins/wp-google-authenticator/)? I’m wondering would brute force attempts with this installed still consume memory and CPU. I’m assuming it would as Wordpress is still being served and it is not the server protecting the site.