Attackers and malicious users are always behind your WordPress site. One of common attacks on WordPress sites is brute force attack. If you have installed plugins like wordfence or hide my wp, you can see the list of failed login attempts.
Attackers simply target your wp-login.php file and attempt a list of known username/passwords using a dictionary. If you wp-login.php file is open to public access (which is the case with default WordPress), attackers will sure try to target it.
Some tips to stop brute force attacks:
- Don’t create a user with “admin” – always create unguessable admin usernames.
- Hide or rename wp-login using free plugins like Hide wp-login.php created by wpWave’s team.
- Create a whitelist of IP address in .htaccess file allowing only you to access the wp-login.php file. However this method requires technical knowledge about static ip addresses and configuring .htaccess file.
How to rename wp-login.php?
- Install Hide wp-login.php plugin.
- You now have two options.
- Rename wp-login.php to something you only know (for example – thisismyloginpage)
- Or you can put a password infront of wp-login.php.
Thats it! Hope you enjoyed the post. Subscribe for more such tutorials.