Thank you all for helping with this issue! 😃
I installed --fail2ban and I was testing it in the wp-login.php, the funny thing was that I made about 50 login attempts and the connection never blocked, so I guess it is not effective against brute force.