WordPress is the most popular and widely used blogging platform. It supports every kind of website, from a simple blog to a full-featured business website. Twenty-six percent of all websites globally use WordPress. As a result of this popularity, hackers and spammers have taken keen interest in breaking the security of WordPress operated sites.

In January 2017 alone, WordFence reported an average of 26 million brute force attacks against WordPress websites per day.Inthe same report they recorded more complex, targeted attacks at an average of 4.7 million per day for the same time frame. That’s a lot of people and bots up to no good. The security of your WordPress website is a big deal, and a good place to start securing it is at the login screen.so let’s get started on making your WordPress site’s login page a little bit more secure.

1. Don’t use admin as a username
This is perhaps the easiest baseline step for WordPress security you can take as a WordPress user. It costs you nothing, and the install makes it easy to do. A majority of today’s attacks target your wp-admin / wp-login access points using a combination of admin and some password in what is known as Brute Force attacks. Common sense would dictate that if you remove admin, you’ll also kill the attack outright.

Simply create a new user in WordPress at Users > New User and make that a user with Administrator rights. After that, delete the admin user. Don’t worry about the post or pages the admin user has already created. WordPress will nicely ask you: “What should be done with content owned by this user?” and give you the option to delete all content or assign it to a new user, like the one you have just created.

2.Use a Strong Password

Brute forcing login pages is one of the common form of web attacks that your website is likely to face. If you have an easy to guess password or username, your website will almost certainly be not just a target but eventually a victim.

Play around with the website’s passwords and change them regularly. Improve their strength by adding uppercase and lowercase letters, numbers, and special characters.
enforce strong passwords on all your users

3.Limit login attempts
This is one incredibly simple technique to stop brute force attacks on your login page right in their tracks. A brute force attack works by attempting to get your username and password right by trying multiple combinations over and over.

If the particular IP which is perpetrating the attack is tracked, then you can block out the repeated brute forcing attempts and keep your site secure. set Limit Login Attempts for prevent brute force attack.

4.Stay up-to-date
Very large percentage of the website hacks came from out-of-date, vulnerable, versions of plugins.

Every good software product is supported by its developers and gets updated now and then, but WordPress is updated very frequently. These updates are meant to fix bugs and sometimes have vital security patches.

So update your WordPress, plugin, Thames regularly.

5. Back up your site regularly
No matter how secure your website is, there is always room for improvements. But at the end of the day, keeping an off-site backup somewhere is perhaps the best antidote no matter what happens.

If you have a backup, you can always restore your WordPress website to a working state any time you want. There are some plugins that can help you in this respect.

WP All Backup plugin helps you to create Backup and Restore Backup easily on single click.Manual or Automated Backups And also store backup on safe place- dropbox,FTP.

Creates a Backup of your entire website: that’s your Database, current WP Core, all your Themes, Plugins and Uploads.

The WP ALL Backup gives WordPress administrators the ability to migrate, copy or clone a site from one location to another. If you need to move WordPress or backup WordPress this plugin can help simplify the process.

6.Set strong passwords for your database
A strong password for the main database user is a must – the one WordPress uses to access the database.

As always, use uppercase, lowercase, numbers, and special characters for the password.

7.Set up website lockdown and ban users
A lockdown feature for failed login attempts can solve a huge problem, i.e. no more continuous brute force attempts. Whenever there is a hacking attempt with repetitive wrong passwords, the site gets locked, and you get notified of this unauthorized activity.

WP User WordPress plugin has mechanism for slow down brute force attack,

WordPress is the most popular and widely used blogging platform. It supports every kind of website, from a simple blog to a full-featured business website. Twenty-six percent of all websites globally use WordPress. As a result of this popularity, hackers and spammers have taken keen interest in breaking the security of WordPress operated sites.

In January 2017 alone, WordFence reported an average of 26 million brute force attacks against WordPress websites per day.Inthe same report they recorded more complex, targeted attacks at an average of 4.7 million per day for the same time frame. That’s a lot of people and bots up to no good. The security of your WordPress website is a big deal, and a good place to start securing it is at the login screen.so let’s get started on making your WordPress site’s login page a little bit more secure.

1. Don’t use admin as a username
This is perhaps the easiest baseline step for WordPress security you can take as a WordPress user. It costs you nothing, and the install makes it easy to do. A majority of today’s attacks target your wp-admin / wp-login access points using a combination of admin and some password in what is known as Brute Force attacks. Common sense would dictate that if you remove admin, you’ll also kill the attack outright.

Simply create a new user in WordPress at Users > New User and make that a user with Administrator rights. After that, delete the admin user. Don’t worry about the post or pages the admin user has already created. WordPress will nicely ask you: “What should be done with content owned by this user?” and give you the option to delete all content or assign it to a new user, like the one you have just created.

2.Use a Strong Password

Brute forcing login pages is one of the common form of web attacks that your website is likely to face. If you have an easy to guess password or username, your website will almost certainly be not just a target but eventually a victim.

Play around with the website’s passwords and change them regularly. Improve their strength by adding uppercase and lowercase letters, numbers, and special characters.
enforce strong passwords on all your users

3.Limit login attempts
This is one incredibly simple technique to stop brute force attacks on your login page right in their tracks. A brute force attack works by attempting to get your username and password right by trying multiple combinations over and over.

If the particular IP which is perpetrating the attack is tracked, then you can block out the repeated brute forcing attempts and keep your site secure. set Limit Login Attempts for prevent brute force attack.

4.Stay up-to-date
Very large percentage of the website hacks came from out-of-date, vulnerable, versions of plugins.

Every good software product is supported by its developers and gets updated now and then, but WordPress is updated very frequently. These updates are meant to fix bugs and sometimes have vital security patches.

So update your WordPress, plugin, Thames regularly.

5. Back up your site regularly
No matter how secure your website is, there is always room for improvements. But at the end of the day, keeping an off-site backup somewhere is perhaps the best antidote no matter what happens.

If you have a backup, you can always restore your WordPress website to a working state any time you want. There are some plugins that can help you in this respect.

WP All Backup plugin helps you to create Backup and Restore Backup easily on single click.Manual or Automated Backups And also store backup on safe place- dropbox,FTP.

Creates a Backup of your entire website: that’s your Database, current WP Core, all your Themes, Plugins and Uploads.

The WP ALL Backup gives WordPress administrators the ability to migrate, copy or clone a site from one location to another. If you need to move WordPress or backup WordPress this plugin can help simplify the process.

6.Set strong passwords for your database
A strong password for the main database user is a must – the one WordPress uses to access the database.

As always, use uppercase, lowercase, numbers, and special characters for the password.

7.Set up website lockdown and ban users
A lockdown feature for failed login attempts can solve a huge problem, i.e. no more continuous brute force attempts. Whenever there is a hacking attempt with repetitive wrong passwords, the site gets locked, and you get notified of this unauthorized activity.

WP User WordPress plugin has mechanism for slow down brute force attack, Limit Login Attempts, Notify on lockout, Password Regular Expression, Google reCAPTCHA, Login Log, Approve/Deny User, Auto / Email Approval user.

Attempts, Notify on lockout, Password Regular Expression, Google reCAPTCHA, Login Log, Approve/Deny User, Auto / Email Approval user.