Bots and automated hacking attempts are a fact of life.
In recent weeks there have been a big spike in attempts to hack the xmlrpc.php files of WP installations http://blog.sucuri.net/2014/07/new-brute-force-attacks-exploiting-xmlrpc-in-wordpress.html
There is no silver bullet or "magic answer" that fits every situation - each server set up and wordpress site requirements are different.
If you are on a shared server hosting account, your webhost should really have some server security e.g. firewall to prevent excessive traffic from bots (most decent hosts do). If you are on a VPS etc, you might have to find the answer yourself - e.g. a combination of solutions to try to mitigate the high traffic from bots, yet allow legitimate users through.
There are several plugins out there that claim to help with this, though I've never really found them much good. A better solution is cloudflare or similar, but it comes at the expensive of additional time and technical understanding.
Personally, I have found good results by using mod_sec rules and CSF on my VPS. This is where a decent webhost comes in handy as they can advise.
