Site Lockout Notifications received regularly - What to do?

  • Answered
I am concerned about the regular emails we're receiving about site lockouts due to failed login attempts or incorrect usernames by unauthorized parties. Sometimes we'll get 6 or 8 of these in a day. We've checked the IP addresses a few times to find they are in places like Russia and China. Question is: Do we need to worry and is there something we can do about these? We long since changed our user login name from the default Admin, which is what MOST of the login attempts use, although they curiously also sometimes use variations on names of people associated with our site.
Hello, Thank you for contacting us about site lockouts. We have a full guide on protecting WordPress from Brute Force attacks. There are many security measures you can set up. Implementing at least two or three of the recommended steps is a good start, but try to do as many as you can. You can also use .htaccess to block certain IP addresses from accessing your /wp-admin directory. Best, Christopher M.