Failed logins are the sole attempt of bots doing Brute Force attacks. If you are not seeing any performance issue from these attacks, you can leave them be. They always happen and happen often. It is just a side effect of a very popular CMS.
If you are seeing a performance hit on your server, you can check out https://codex.wordpress.org/Brute_Force_Attacks for some basic information on how you can slow down if not prevent the attacks all together.