Solution:
There’s really nothing you can do to prevent someone from sending HTTP requests to your server, which is what is most likely going on. I assume that you are seeing these login requests in your log files?
My suggestion would be to deploy a web application firewall of some kind, which is independent of WordPress and is designed to integrate with Apache or Nginx, such as ModSecurity which is OpenSource. This will at least give you some more options at the web application layer.