• How many login attempts to a WordPress website would be cause for concern?

    I usually get about 10-20 per day. I use Limit Login Attempts Reloaded plugin on the site in question.

    All attempts are usually in batches from a single IP which then gets blocked after x tries so I presume it's low effort automation rather than specifically being targeted. Anything I can do to ensure security? Password is pretty solid, though it's stored in Chrome. My Chrome password is also pretty solid as these things go and I keep an eye on where it's being accessed.

  • I'm guessing not but do you have anything like a WAF in front of the site that can limit access to only the IPs that need access to the login page?

    I don't know much about WP but I presume it has its own way of limiting access to certain IPs. Can you lock it down further?

    Another option is to move the login page to a different, non-standard URL (i.e. not wp-admin or wp-login or whatever it is). That should get rid of a lot of bots.

  • Thanks (nerd).

    The moving location is an obvious/free one I didn't think of so will look at that first before a firewall. Though yes, a plugin limiting to only my IP would be interesting too (presuming that for someone to either fake my IP or take over it I'll have bigger problems than who is accessing a WP site for a project I haven't shared yet).
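
An added example, not written by any poster in this thread: one way to judge whether the daily attempts are routine single-IP batches or something to look into is to group POSTs to wp-login.php in the web server access log by source IP. Assumptions: "combined" log format, WordPress's default behaviour of answering a failed login with 200 and a successful one with a 302 redirect, and a hypothetical batch threshold of 5; the log lines are constructed samples.

```python
import re
from collections import defaultdict

def _line(ip, status, method="POST", path="/wp-login.php"):
    # Helper that builds one constructed "combined"-format log line.
    return (f'{ip} - - [12/Mar/2024:03:10:01 +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "-"')

# Constructed sample traffic (documentation-range IPs, not real data).
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", 200)] * 6                                   # bot batch
    + [_line("198.51.100.23", 200)] * 5 + [_line("198.51.100.23", 302)]
    + [_line("192.0.2.10", 200), _line("192.0.2.10", 302)]            # owner typo
    + [_line("192.0.2.10", 200, "GET")]                               # form view
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def summarize_logins(log_text, batch_threshold=5):
    """Return {ip: (failed, succeeded, verdict)} for login POSTs.

    Assumption: 302 on POST /wp-login.php is a successful login; any other
    status (200 form re-render, 403 lockout, ...) is a failed attempt.
    """
    stats = defaultdict(lambda: {"failed": 0, "ok": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, path, status = m.groups()
        # Exact path only: POSTs with ?action=... (e.g. lost password) differ.
        if method != "POST" or path != "/wp-login.php":
            continue
        stats[ip]["ok" if status == "302" else "failed"] += 1

    report = {}
    for ip, s in stats.items():
        if s["ok"] and s["failed"] >= batch_threshold:
            verdict = "investigate"  # a success alongside a batch of failures
        elif s["failed"] >= batch_threshold:
            verdict = "batch"        # blocked noise, no successful login
        else:
            verdict = "normal"
        report[ip] = (s["failed"], s["ok"], verdict)
    return report

if __name__ == "__main__":
    for ip, row in summarize_logins(SAMPLE_LOG).items():
        print(ip, row)
```

The raw count per day matters less than the "investigate" case: an IP that logs in successfully alongside a batch of failures.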

Thread started by @hippy