Brute force login attacks targeting WordPress sites are quite common, such as in April 2013 when more than 90,000 sites were targeted. There are a handful of good ways to protect yourself against these attacks:
- Choosing a strong administrator password
- Installing a plugin that guards against brute force logins, such All in One WP Security or BruteProtect
- Changing the default wp-admin url with a plugin such as HC Custom URL
However, I prefer to use a two-factor authentication method that requires a code from my phone to complete the login process. Google’s Authenticator has been gaining ground as a mobile app for providing secure codes. In fact, you may already have the Google Authenticator app on your phone, as a number of web services are now integrating with it, including cloud file store provider Dropbox, cloud hosting provider Digital Ocean, and name service provider Gandi.net.
To learn more about this continue reading here!