Improve WordPress login security
You should be concerned about the security of your website. In order to protect your website from unauthorized access, you should first choose a secure password and change it regularly if necessary. A password is considered secure if it contains at least 8 characters, contains at least one special character, at least one number and contains at least one upper and lower case. Try to keep this in mind when choosing your password.
Likewise, the username should not be “admin” by default, but replaced with an individual name. In addition, there are some plugins that can improve the security of your site:
This plugin offers you comprehensive all-round protection for your WordPress site. Wordfence is one of the most used security plugins in WordPress and accordingly good. All-round solutions like these are relatively data-intensive, but offer many important setting options that increase the security of your site. For the security of your login page, Wordfence offers you a 2-factor authentication, a login captcha for bot defense and an automatic block for compromised passwords. https://wordpress.org/plugins/wordfence/
This plug-in temporarily blocks the login after a specified number of login attempts and can also block the corresponding IP permanently. Blocked IPs can be unlocked manually in the admin area. https://wordpress.org/plugins/login-lockdown/
Login No Captcha reCaptcha:
Adds a Google No Captcha ReCaptcha checkbox to your WordPress and Woocommerce login, forgot password and user registration pages. Also, it blocks automated scripts from access while making it easy for humans to opt-in by ticking a box. https://wordpress.org/plugins/login-recaptcha/
More security for the WP Admin URL
To achieve even more security for your website and your WordPress login page, you can protect your WP Admin URL from unauthorized access.
The .htaccess file defines, for example, which files and directories are visible on your site and who has access to what. Of course, this gives you the opportunity to hide certain IP’s or areas of your site. Specifically, you add individual code snippets that restrict access to wp-confiq.php, for example. (Caution: Before changing the .htaccess, you should definitely save it.
To protect your admin area, upload a new .htaccess that only allows access from certain IP addresses in >wp-admin. Make sure to upload it in this directory and not in the main directory, otherwise you will block all other IP addresses for your site. You can also do the same to exclude IPs from the wp-login.php page. For example, unauthorized IPs can be forwarded to a 404 page (or another page of your choice) and no longer get to the login mask at all. This can be achieved by inserting the appropriate code in the .htaccess file. You can find out more about this in the WordPress Codex.