Ok, I’ll ignore “rate limiting” for now, at least until I know more.
I think I have enough things to look at now, incl. about 7g firewall, which I found something about here: 7G firewall nginx configuration - I’ll look into that the coming days, it’s too late today. But thanks and I have the impression that the default Hestia/wordpress fail2ban-stuff is good enough for most users and what I’ll be doing is probably just some minor tweaks, thanks all!