Websites are constantly being attacked and with WordPress as one of the best and most utilized content management systems on the internet, it is a prime target for attackers. Your web hosting services provides a certain level of security and protection, however as a site owner the bulk of the security is on you and there are actions you can take to prevent unwanted access and logins to your website.
We’re focusing specifically on login security for this article and updates to the wp-login and wp-admin URLs. There are five simple steps that can help secure and harden this process. You will want to change your login URL, limit login attempts, setup 2FA, hide your username, and employ a strong password. See below for more details.
Using all of these tips together will not make your website un-hackable, however it offers a greater degree of security to prevent unauthorized users from gaining access and deters the vast majority of unsophisticated bots and scripts running out there designed to attack a /wp-admin page with a admin username and a weak password. Always keep your site secure and up to date and do regular backups to have available for a restore if needed.