Most of these use some type of CAPTCHA where you need to transcribe scribbly words and numbers into a box. Others require you answer a random maths question, or identify things or groups of things. All are designed to verify that the login attempt is being made by a human and not a bot.
They can be affective and reducing hacking attacks by automated bots, but at the same time they can be annoying to humans. Some can be very difficult to decipher.
It will not hurt to implement this and if your site
I would recommend the following first be implemented to protect the login page:
You can then consider implementing a human verification challenge plugin.
There are many available – just search for one that suits your needs.
Here is an alternative approach to protecting the login page against automated bots. It might even be used in conjunction with a human verification challenge plugin but this is probably overkill.