By default, a WordPress user can make unlimited number of attempts to login to a WordPress site. This allows anyone to try guessing your password until they get it right.
There are many plugins available to limit this unlimited login attempts. You just need to pick one and activate.
If you need any help setting any of the above plugin, feel free to comment.