You are reading a single comment by @CYOA and its replies.
Click here to read the full conversation.
-
Thanks (nerd).
The moving location is an obvious/free one I didn't think of so will look at that first before a firewall. Though yes, a plugin limiting to only my IP would be interesting too (presuming that for someone to either fake my IP or take over it I'll have bigger problems than who is accessing a WP site for a project I haven't shared yet).
CYOA
hippy
I'm guessing not but do you have anything like a WAF in front of the site that can limit access to only the IPs that need access to the login page?
I don't know much about WP but I presume it has its own way of limiting access to certain IPs. Can you lock it down further?
Another option is to move the login page to a different, non-standard URL (ie. not wp-admin or wp-login or whatever it is). That should get rid of a lot of bots.