Hundreds of Failed Login Attempts within 4 hrs

Not much extra you can do, a plugin to limit failed logins is essential.
Your security ultimately depends upon haveing a strong username/password combination. Presumably your username is not “admin” or “test”.
In time the bots will lose interest due to lack of progress, and move on.

You need to use math recatcha to limit those attempts.

Intall following plug in. It will stop automated attempt to login to your site.

https://www.ads-software.com/plugins/wp-math-captcha/

Thanks Ross, I learned the hard way about avoiding the obvious usernames, and I think since then the site has been a favourite “bot-spot”, but they’ve been unsuccessful since.

Ememberclub, thanks for the advice! I just installed the plugin and I’m sure that’s exactly what I needed.

Cheers!

Glad to help. You can use more complex plug in as well.
You can change your login page url.
You can change your username using admin name change plugin
and blocking the countries Ip addresses, who are attempting the most.

Good luck.

I suggest you to use a security plugin such as iThemes Security or WordFence Security.

Use following plug in. It will do it all.
https://www.ads-software.com/plugins/all-in-one-wp-security-and-firewall/

Thanks for the info, all. It was really only the attempts that were an issue, and WP-Math-Captcha has done the trick… Since my initial & only security compromise, I’ve been using Acunetix WP Security, Limit Login Attempts, Sucuri Security – SiteCheck Malware Scanner and Theme Authenticity Checker (TAC)… And things have been great (knock on wood).