Of course,Without any protection and security? you have the default login / password system, but do you honestly believe that’s enough?Have you done something to protect your WordPress site. Imagine what would happen if someone gets access to your admin dashboard. Now the only way to keep safe the site is to enhance security.Following ways are essential for mind relief and to avoid great loss.
A very useful plugin that records the IP address and the date and time of all failed login attempts. If the failure of attempts to continue in a short period of time from the same IP range and the maximum number of attempts is reached, then the switching function is disabled for all connection attempts from that range.
The Google Authenticator mobile app to give a two-factor authentication login to your WordPress site.
Note: Make a point before activating Authenticator Google, you beat two-factor authentication with your Google Account Authenticator app and installed on your Google Android, iPhone and Blackberry phones.
When the installation and activation process of the plugin is finished, open ‘Users -> Your profile’ and then you will be able to see the Google Authenticator settings.
There you will see “active” and a checkbox next to him. Check the box. So when you log on to the next time, it prompts you to enter confidential key. And if If you do not enter the correct key, it will not let you login.
It offers a highly secure your WordPress site. One Time Password to access the site without the correct password. This is a list of passwords that can be used to sign the site, but a great thing is that passwords can be used only once, so even if someone learns your password, will be of no use to him [ One-time passwords, remember?].
When its installation and activation process is finished, go to the One Time Password section to create your password list. Then enter a pass phrase and click the “Generate” button.
It depends on you if you want to get a print of all the passwords and carry them with you.
This tool works via IP address. It requires admins to register or whitelist IP addresses. Now, when admin logins, its IP address. And if the IP address does not match the list, then it will send an email to admin with a link that has a key once.
The plus point of this plugin is that very little or almost no configuration is needed.
This plugin has nothing to do with login field, but it secures your site by looking into web requests to detect any malicious attack. It has the ability to halt the attack before it harms to your database.
After it has been activated, its configuration options can be found under the Firewall section.