How can you stop things like DDOS and brute force attacks?
Thanks in advance
Depends on how bad the attack is.
If you're in WordPress, there are plugins like Wordfence Security which will block IPs and Countries and does a decent job on a small scale. Sometimes a Software Firewall on the server level will take care of it, other times you need the protection at the datacenter level (null routing IPs, hardware devices, etc). If you're using a cloud service CDN (MaxMind, Cloudflare, Google), they have setups in place to mitigate attacks without you having to be involved.
So it all depends on the level of attack, what the attack type is, and then that determines the route for defense and blocking.
If you are currently under attack, you need to alert your upstream host/datacenter ASAP to prevent action on their end which may take down your servers, and accounts of your clients.