Hackers can bypass the login security measures of a website. Limiting the number of failed login attempts from one IP address within a limited period of time is one of the most effective strategies for keeping pesky hackers away. Please take a look at how to enable Log in Protection.