How to combat flooding admin-ajax.php?

You can use .htaccess to ban IPs that you don’t want to access your website. If you are attacked from the same IP over a prolonged period of time, and with great frequency, banning the IP is the best solution.

The simplest way to ban an IP in .htaccess is (replace 123.123.123.123 with the IP you want to ban):

Deny from 123.123.123.123

You can add multiple lines like this for multiple IPs. This works for Apache servers; if you use some other server type, the method to ban IPs will be different.

But before you do this, make sure you are really banning a malicious user who is trying to do something bad. A better solution is to use a security plugin that can identify malicious or spam sources and ban them for you.
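
One way to check from the access log that an IP really is hitting admin-ajax.php frequently and over a prolonged period before banning it (an added example, not part of the original answer). It assumes Apache common/combined log format; the function names, the thresholds (30 hits per minute, 3 minutes) and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Apache common/combined log prefix: client IP, [timestamp], "METHOD path ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')
AJAX_PATH = "/wp-admin/admin-ajax.php"

def ajax_hits_per_minute(lines):
    """Count admin-ajax.php requests per (client IP, minute) bucket."""
    buckets = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, _method, path = m.groups()
        if path.split("?", 1)[0].endswith(AJAX_PATH):
            buckets[(ip, ts[:17])] += 1  # "10/Oct/2023:13:55" = one-minute bucket
    return buckets

def ban_candidates(lines, threshold=30, min_minutes=3):
    """IPs over `threshold` hits/minute in at least `min_minutes` separate minutes."""
    hot_minutes = Counter()
    for (ip, _minute), hits in ajax_hits_per_minute(lines).items():
        if hits > threshold:
            hot_minutes[ip] += 1
    return sorted(ip for ip, n in hot_minutes.items() if n >= min_minutes)

def htaccess_lines(ips):
    """Render the page's .htaccess syntax (Apache 2.2 / mod_access_compat)."""
    return [f"Deny from {ip}" for ip in ips]

def sample_log():
    """Constructed sample: one flooding client, one ordinary visitor."""
    out = []
    for minute in range(5):
        for sec in range(40):
            out.append(f'203.0.113.7 - - [10/Oct/2023:13:{minute:02d}:{sec:02d} +0000] '
                       f'"POST {AJAX_PATH} HTTP/1.1" 200 58')
        out.append(f'198.51.100.20 - - [10/Oct/2023:13:{minute:02d}:15 +0000] '
                   f'"POST {AJAX_PATH} HTTP/1.1" 200 112')
    return out

if __name__ == "__main__":
    for line in htaccess_lines(ban_candidates(sample_log())):
        print(line)
```

Logged-in WordPress users generate some admin-ajax.php traffic on their own, so tune the thresholds against your normal traffic before acting on the output.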