There are many things to consider depending on the type of attack. Is it a network layer attack, application layer, etc. If it is against a WordPress install, for example, you can defend against this top-down. Placing the website behind Cloudflare can provide some protection. Setting up your firewall to detect brute force attacks against ModSecurity rules or flooding against a port, and finally, there are plugins available for scripts like WordPress such as WordFence which provide an additional layer of brute force defense.
Use 128-bit or higer encryption. Use a good encryption method. Good way of communication of keys. Have a limit of how many times a person can try a password. Use 2 way or higher encryption method. Something you have, something you know, someone you are. You can use these three as a password as there are the basics.
As I am fairly new to the IT world I don't know much but I am learning a lot from this forum one thing I learn't in school is have have a good password one upper case lower case with a mixer of and letters & symbols like @[email protected] and numbers just to make it more secured.
You can consider using RDP like services but again it is again vulnerable so using tools such as Bromium Protected App offers capabilities for hardware-enforced isolation of remote desktops and XenApp clients.