How to block repeated login attempts

In the past 24 hours, I’ve seen a large number of reports from Wordfence about login failures, similar to this one:
A user with IP addr 54.162.35.229 has been locked out from signing in or using the password recovery form for the following reason: Exceeded the maximum number of login failures which is: 5. The last username they tried to sign in with was: ‘[email protected]’.
The duration of the lockout is 4 hours.

The same IP address appears on multiple notices, between 5 and 10 at a time, all within seconds or minutes of each other, then a different IP address is used for the next batch.

The usernames are all different – so the hacker is cycling through different user names (these are visible on the site in the Connections listing of members) – but what’s puzzling is why the same IP is able to be used repeatedly. I have Wordfence set to block an IP address (as indicated above) for 4 hours after repeated failures, but it appears that this is not preventing the hacker from using the same IP address for brute force attempts to penetrate 5 or 10 different accounts in quick succession.

Is there a setting that might need adjustment?

Note that I have no way of knowing if any of the members have weak passwords, since we added Wordfence to the site a few months ago but these members have been set up as subscribers for several years.

Clearly, if a hacker can login as a member who is a subscriber, the immediate access to the back end will be limited, however I’m aware that this may be just one step towards a successful takeover of the site.

Any suggestions or ideas would be greatly appreciated.

The page I need help with: [log in to see the link]