I saw that bots can be blocked using string matching in htaccess or by IP address in htaccess -- excellent thanks!
Two more related questions
+ Additionally, are we able to install and use IP blocking plugin like Block Bad Bots (which doesn't write to htaccess or folders)
+ Finally, can we use a plugin that changes wp-login location (and doesn't write to htaccess)?
Looking forward to hosting with you...