Solved! Go to Solution.
What kind of hosting are you on? If you have cPanel there's a menu option to block IP addresses.
If you're not, the cheap and easy way to handle this is to block the IP in your .htaccess file. You'd add this up top:
Order Deny,Allow Deny from 18.104.22.168
But I don't know the importance of this site or want to make any assumptions. The real, ongoing fix for this issue is to purchase the web application firewall that comes with GoDaddy's Website Security Deluxe package. It automatically handles bot brute force attacks, and allows you to deny access from geographical regions.
Thanks! I also just discovered and installed a WP plugin called IP Geo Block that looks like it may help. Some of the settings are a bit cryptic and will take me awhile to understand, but at least I can add the offending IP addresses to a blacklist. It looks like there is an option to blacklist entire countries so I will investigate that setting. (My web site is dedicated to providing a history of a particular class from the US Naval Academy - pre-WWII. There is no sensitive government information - it's not hosted (obviously) by the govt, but I assume outsiders see 'Naval Academy' on the site and think they could find a back door to govt systems.)