If your host keeps telling you that you’re using too many resources, it’s possible that you have a bot problem. Hackers create bots to break into WordPress websites via the login screen (also known as wp-admin). By just adding this code to your .htaccess to block 99.999% of no-referrer bots from your wp-admin.
Replace REPLACEWITHYOURURL with your own domain. No referrer bots are the ones that do a lot of brute force attacks on your WordPress site.