05-26-2020, 01:46 AM
OP's site is getting brute forced and it's kinda happen to most of CMS sites. As for Wordpress the most common attacks happens to WP-Admin.php and xmlrpc.php. the later one has to deal with .htaccess. You need to put an deny rule for it direct access to xmlrpc.php and limited the access to few IP addresses such as Jetpack server.
As for wp-admin I use a plugin call WPS Hide Login. It changes the login url to whatever you like and returen a 404 for original one.
As for wp-admin I use a plugin call WPS Hide Login. It changes the login url to whatever you like and returen a 404 for original one.