I woke up this morning ready to write and when I tried to log in to my WordPress site, I was greeted by this message!
This basically means that while I was asleep, someone somewhere was busy trying to log in to my WordPress website, probably using a brute-force attack in which he/she attempts a number of username/password combinations.
Fortunately I have failed login attempt limits and timeouts, but now it seems the timeout has also locked me out of my own site and I have to wait 15 hours to log back in, assuming the attackers don’t attempt to log in again, because that will lock me out even further.
While limiting the number of login attempts seems to offer a sense of security, it can be inconvenient at times like this. A better solution is to hide the login (wp-admin) page.
Hide the WordPress WP-Admin Page
To prevent these inconveniences, you can take hackers on a wild goose chase by hiding the login page. The default login page for any WordPress-driven website is “domain/wp-admin”.
Every hacker knows your default login page, so they’ll use it to attempt brute-force attacks on your website. But you can hide your login page by creating a secret URL for it and rendering the default login page useless. Hackers will have no place to perform their login attempts.
WPS Hide Login is a very useful plugin in this regard. It lets you create a login page and blocks all traffic to the default login page. Once it is installed and activated, all you need to do is specify your new login URL by going to Settings → WPS Hide Login, and the plugin takes care of the rest.
This method works because most hackers are aiming for easy targets. There are reports, however, of more sophisticated hackers who are after a specific website bypassing this using encoded URLs. But since most are looking for plain sailing, chances are your website is secure. If you feel that you need more security for your WordPress login page, you can use the .htaccess method.
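The web server's access log shows who has been hammering the default login page and whether that page still answers after it has been hidden. The script below is an added example, not part of the original post or of WPS Hide Login; the combined log format, the constructed sample lines, the threshold and the function names are all assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Apache/Nginx "combined" access-log format (assumed): ip, time, request, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def summarize_login_posts(lines, threshold=5):
    """Count login POSTs to the default wp-login.php per client IP.

    Returns (flagged, still_served): the IPs at or above the threshold with
    their counts, and how many of all those POSTs were answered with 200.
    Stock WordPress answers a failed login with 200 (the form is shown
    again), so a non-zero value means the default page is still reachable.
    """
    per_ip = Counter()
    still_served = 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Drop the query string and decode percent-encoding before comparing,
        # so encoded spellings of the path are counted as well.
        path = unquote(m["path"].split("?", 1)[0])
        if not path.endswith("/wp-login.php"):
            continue
        per_ip[m["ip"]] += 1
        if m["status"] == "200":
            still_served += 1
    flagged = {ip: n for ip, n in per_ip.items() if n >= threshold}
    return flagged, still_served

def _line(ip, method, path, status):
    # Builds one constructed log line; addresses are documentation ranges.
    return f'{ip} - - [12/Mar/2024:02:14:01 +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "-"'

SAMPLE_LOG = (
    [_line("203.0.113.7", "POST", "/wp-login.php", 200)] * 4     # before hiding
    + [_line("203.0.113.7", "POST", "/wp-login.php", 404)] * 2   # after hiding
    + [_line("203.0.113.7", "POST", "/wp-login%2Ephp", 404)]     # encoded path
    + [_line("198.51.100.20", "POST", "/wp-login.php", 200)]     # one-off login
    + [_line("198.51.100.20", "GET", "/wp-login.php", 200)]      # not a POST
    + [_line("198.51.100.20", "POST", "/wp-admin/admin-ajax.php", 200)]
)

if __name__ == "__main__":
    print(summarize_login_posts(SAMPLE_LOG))
```

Run it over the log lines written after the login URL was changed: the per-IP counts show the attempts that are still arriving, and `still_served` should drop to zero.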