Your WordPress website is set up to protect against brute force attacks as after 3 attempts it blocks the IP. But you still want a strong password for your website and everything else ideally.
Check how long it would take for your password to be hacked below. If it’s 600 years or more you are probably fine. If it’s hours then time to change it.
If you have been using the same password for years it may well have been sold to hackers. Ideally change that same password you use everywhere it is currently used but certainly please don’t use that password for your admin account on your WordPress website or any other important accounts. Lots of useful information here: