One measure that should not be neglected to increase the security of your WordPress website is the restriction of login attempts. This is an effective way to put a stop to so-called brute force attacks. These hacking attacks try to get your access data by automatically trying out different combinations.
Limit login attempts
Probably the easiest way to limit login attempts with WordPress is to use a plugin. Login Lockdown does exactly what it is supposed to and is also a relatively slim plugin. With over 200,000 active installations and a rating of 4.5 stars, other users seem to trust the plugin as well.
The plugin is free and can be downloaded from the WordPress plugin directory.
Configure Login LockDown
Before the configuration, the Plugin must first be installed and activated. In the settings under Max Login Retries you can then define how many login attempts may take place within 5 minutes (Retry Time Period Restriction) in succession until the login via the IP address is locked for a total of 60 minutes (Lockout Length) .
The predefined specifications are relatively solid, so they can be maintained. Afterwards, don’t forget to save the setting. Congratulations, your site is now a bit more secure.
By the way, you can also move your login page completely. How this works in detail is described in the following article: Change WordPress Login URL