How to prevent brute force attack on my wordpress site, it's hundred of failed attempts on my login page and it's come from two specific adress plage.

To block the attack i have installed wordfence, changed the url of login, and blocked the ip that i didn't recognize, it worked at first after 40 attack the user is blocked no more just let hundred attack come.

But after it got smarter, it attack from multiple ip address from bellow and also attack per hour or day to avoid wordfence blocking frequency

so I have two problem,

The first is that all attack come from 34.x.x.x and 35.x.x.x ip, so i guess the attacker use virtual machine or worker from google cloud, will that be alright to block all those adress to avoid further attack ? the site is for to show service so i think that we will rarely receive virtual machine user.

The second problem is that there is also ipv6 adress, i don't know if the rule "deny from ......." work on ipv6 in .htaccess

I tried to verify if this is just google service but the agent being google chrome and trying to access to my login page isn't right,

I have tried the above method but still receive attack, i fear that this will reduce the ressource of my account