Using the WordPress as CMS to manage your website it turns into a magnet for all brute force attempts to login, from boots and hackers. On CODEX there’s a dedicated page for such topic Brute Force Attacks it’s a very sensible area of your website and should get the appropriate attention from everyone.
There are different methods to increase protection for the login page, from strong password to multiple factors protections. But still the above does not block any attempts from unauthorized, anyone can try a brute force access. Boots can do that by trying out hundred of username and password combination in a matter of minutes. Oblivious that will slow down your site and eventually the hacker will find a working login credentials.
Completely hide default WordPress login url
As default the login page your your site will be
That’s something which everyone know. How about changing to something else, a url that only you know?
Type in the new login page slug which will be used instead the default e.g. new-login
Per above the new login url become
Once the login url has been changed an automated e-mail is being sent to admin e-mail with a recovery link which can be used if the new login url has been lost.
Block default wp-login.php
If this option is activated the old login url will be blocked and a default theme 404 error page will be returned.