This question already has an answer here:
Sadly it’s not uncommon to receive many rogue login attempts. If you have a strong password policy this actually shouldn’t worry you too much.
If there is a limited amount of people with logins and they work from fixed addresses, you can block acces to that page by writing a rule in your
.htaccess that blocks all visitors from
wp-login.php except those with certain ip-addresses.
Also, security plugins like iThemes can track rogue plugin attempts for you, and issue bans as well as fix common security loopholes. But you can’t stop people from trying to get in, unless you decouple your site from the internet.