My website under brute force attack
- SEO |
Thinks I've done:
I removed "admin" login user and changed it to a 100x more complicated username. I changed the password to something that extremely difficult.
Added -
Sucuri
Simple Firewall
Captcha + "Am I Human" tick box [both]
Settings:
I added a 300 second time-out period on failed first attempted login.
I removed default 'wp-admin' and 'wp-login' and changed it to a unique URL string that only I know.
And somehow the hackers are still trying relentlessly. I think they found my new (secret) URL login string. Only thing I can think to do now is make only my IP address capable of logging in.
Any suggestions?
"May I have ten thousand marbles, please?"
My Guitar Website | My SEO Blog - Advertising spots available.
Who told me this? An ex Google web spam engineer.
What's your excuse?