Unfortunately, the server hosting this site has been under periodic abuse by scanning software which attempts to brute-force login to Wordpress and Joomla sites. Sadly, this has been happening across our entire estate, and across the internet as a whole.
Because these processes run thousands of attempts per minute, this can very quickly degrade performance of the server as a whole, and we therefore have a number of countermeasures which we employ to protect the servers from this. One of these measures is to limit the number of requests to wp-login.php per minute. Requests beyond the limit are returned a 504 error as you have seen, and the IP that made the request is logged. Once it becomes obvious that an IP is acting in this fashion (and is not a legitimate user attempting to access their own login page) the IP is manually checked (to prevent us accidentally blocking important parts of the internet), and then blocked.
At the moment, this server is being limited in this fashion, and a number of IP addresses have been blocked since this was implemented today, however more will need to be blocked to improve performance - as this activity derides from a botnet, there are many IPs at the attackers disposal.
As soon as we are satisfied that the attack has stopped or moved on, we will unlimit the server.
We are working on more robust and 'permanent' solutions to this problem, but due to the nature of the attacks, you should note that this issue is unlikely to be 'permanently' resolved while the means to launch this type of attack exist.
I understand that this is an inconvenience to you, for which I apologise, and thank you for your continued patience in this matter