improve on my security and when ever he tries to login it affects the connection and the performance of the link
Well in theory you can block the attempted connection earlier, like with IP blocking, but typically that doesn't get you that far. Does the controller need to be on the internet and exposed?