1) Install the WPS Hide Login plugin (https://en-au.wordpress.org/plugins/wps-hide-login/).
WPS Hide Login is a lightweight plugin with over 100,000 active installs. It lets you change the login URL to anything you wish. After the login URL is changed, anyone who tries to access wp-admin, wp-login.php, login or admin gets a 404 error page.
WPS Hide Login installation
- Go to Plugins › Add New.
- Search for WPS Hide Login.
- Look for this plugin, download and activate it.
- The page will redirect you to the settings. Change your login URL there.
- You can change this option any time you want by going back to Settings › General › WPS Hide Login.
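Once the login URL has been changed, requests to the old login paths that end in a 404 are a useful sign that someone is probing for the login page. The script below is an added example, not part of the original guide or the plugin: it counts those requests per client IP, assuming the Apache/Nginx "combined" access-log format. The log lines, the /my-secret-login path and the threshold are constructed for illustration.

```python
import re
from collections import Counter

# Default login paths that return 404 once the login URL has been changed
# (the four paths named in step 1).
DEFAULT_LOGIN_PATHS = ("/wp-admin", "/wp-login.php", "/login", "/admin")

# Assumption: Apache/Nginx "combined" access-log format.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_default_login_path(target):
    """True if the request target is one of the default login paths."""
    path = target.split("?", 1)[0].rstrip("/").lower() or "/"
    return any(path == p or path.startswith(p + "/") for p in DEFAULT_LOGIN_PATHS)

def probing_clients(lines, threshold=3):
    """Return {ip: count} for clients with >= threshold 404s on default login paths."""
    hits = Counter()
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        if m["status"] == "404" and is_default_login_path(m["target"]):
            hits[m["ip"]] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

# Constructed sample log lines (documentation IP ranges), not real traffic.
# /my-secret-login stands in for whatever custom login URL you chose.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 404 512 "-" "bot"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 404 512 "-" "bot"
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "GET /wp-admin/ HTTP/1.1" 404 512 "-" "bot"
203.0.113.7 - - [10/Mar/2024:10:00:04 +0000] "GET /admin HTTP/1.1" 404 512 "-" "bot"
198.51.100.20 - - [10/Mar/2024:10:01:00 +0000] "GET /login?redirect_to=%2F HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:10:01:05 +0000] "GET /administrator HTTP/1.1" 404 512 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2024:10:02:00 +0000] "GET /my-secret-login HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2024:10:02:09 +0000] "GET /wp-admin/index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    for ip, count in sorted(probing_clients(SAMPLE_LOG).items()):
        print(f"{ip}: {count} blocked requests to default login paths")
```

To use it on a real site, pass the lines of your own access log to probing_clients() and pick a threshold that fits your traffic.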
2) Install Google Authenticator for WordPress (https://wordpress.org/plugins/wp-google-authenticator/)
Use the Google Authenticator plugin to generate a one-time password (OTP) that is required every time you log in. The plugin adds an additional box to the login form where you enter the OTP generated by Google Authenticator.
Note: in order to use Google Authenticator, you must have a phone with the Google Authenticator app installed.
- Android: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en
- iOS/iPhone: https://itunes.apple.com/au/app/google-authenticator/id388497605?mt=8
Once you have the app installed, you can set up the account and you are all set!
4) Uninstall and delete all nulled themes or plugins. Nulled plugins or themes contain backdoors/viruses that could allow hackers to gain access to your website files and database anytime.
5) Make sure your password isn't used anywhere else, and keep it strong so it can't be guessed!