This showed up on wpbeginner today: WordPress Brute Force Attacks, and What You Need to Do About it. My webhost, MacHighway, also posted similar information this afternoon. For those of you who are self-hosted WordPress (or Joomla) bloggers, I suggest you read it and follow the suggested changes.
And do what I posted too, as an added measure. 😉
Until next time...
Good tips.
One can also limit access to wp-admin by IP address. I suppose that could be considered a form of two-factor authentication.
Which only works when one is lucky enough to have a static IP address. 🙁
Or I could always SFTP into my server, add my current IP address each time, then use the blog web interface. No. That’s way too much work for even me.