I have the unfortunate occurrence of WordPress admin login bot attacks to my login page for a couple of my websites. It’s annoying. Overnight I had approximately 100 attempts by these bots to login to my WordPress admin page.
I use a free version of WordFence to set invalid login attempts to 1 when a wrong password or admin name is used and it locks these bots out for 2 months.
This is an OK solution but in 2 months time I will go through this all again and receive a tonne of emails. I am using the default WordPress Admin login page.
WordPress Admin Login Bot Attacks
This is creating the bot attack issue as it is a well-known login url for WordPress admin access. There is a better way to prevent this from happening.
Create a custom wp-admin login page
There are several methods to creating a custom wp-admin login page, either via the backend and changing some WordPress files or via a WordPress Plugin WPSHide Login.
I am going to take the easy route and use a WordPress plugin. It allows me to change my admin login page to something secret and in the main, undiscoverable. This will prevent the bot attacks as the default wp-admin page will no longer exist. Hopefully this will remove all issues. I’m sure these wp-admin attempts will continue. For now at least I have obscured the WordPress Admin Login page from bot attacks by using a bespoke url for my WP Admin Login.