[ad_1]
I host a simple portfolio website where I am the only user. I periodically experience login attacks. My username is difficult to guess with a string of random characters at the end, and the password is a long generated one. Wordfence is setup to block any IPs that try to log in using an invalid username, but I’ll still get a string of dozens of attempts from time to time. Recently, I moved the login page using the WPS Hide Login plugin because this stopped attacks on another site in the past, but Wordfence registered more log in attempts afterward. Is this something I should worry about? I also have Cloudflare and can put the site on under attack mode.
[ad_2]
Your site is accessible on the public internet, this is normal.
Are all these from different IP addresses ?
You aren’t under attack – it’s just bots, it’s normal.
Wordfence > Login Security > Settings tab. Disable XMLRPC.