wp-admin isn’t your login. Your login would be at https://example.com/wp-login.php
And it’s only going to Rate Limit if you hit that URL a bunch of times in a few minutes.
Just for fun, I did hit your wp-admin URL a few times. After the third hit, it rate limited me.
For my WordPress sites, I do two things:
- Install Wordfence. It will protect your login, and a whole lot more.
- Use Cloudflare’s Firewall Rules. I block anything that doesn’t come from my home’s IP address. You’ll want to tinker with Firewall Rules a bit for what works best for you.
- Optionally: Use Cloudflare’s Page Rules and Match the login URL and set Security Level to Under Attack.