1. Never use the default ‘admin’ as your administrator login username. Because it is the default, unauthorized parties trying to access your site will try logging in as ‘admin’. Changing the username to anything other than ‘admin’ will stop login attempts that depend on that default.
2. Add a Captcha Code. A Captcha (a backronym for “Completely Automated Public Turing test to tell Computers and Humans Apart”) is a type of challenge-response test used in computing to determine whether or not the user is human.
Usually, the Captcha test will take the form of a random set of characters shown on an image which the user has to type in an accompanying input box. Other cool captcha tests will ask the user to sum two numbers or click a checkbox proving that they’re human. There are several types of captcha tests available to check for bots which may attempt to hack your site.
Recently, I’ve had the pleasure of using the Captcha Bank plugin for WordPress – it’s pretty impressive. It adapted seamlessly to a specially customized login page when other Captcha plugins wouldn’t. There are lots of various options for customizing the Captcha code.
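The "sum two numbers" style of test described above, as an added example (not from the original post and not the Captcha Bank plugin's code): the server issues the question with a signed, expiring token and checks the answer itself, allowing one guess per challenge. `SECRET_KEY`, `TTL_SECONDS` and the function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)  # assumption: per-site secret that never leaves the server
TTL_SECONDS = 120                     # assumption: how long a challenge stays valid
_used_nonces = set()                  # challenges already attempted (in-memory for this example)


def _sign(answer: int, nonce: str, expires: int) -> str:
    # Binds the expected answer to one challenge and its expiry time.
    msg = f"{answer}|{nonce}|{expires}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def new_challenge(now=None):
    """Return (question, token); the token goes in a hidden form field."""
    now = int(time.time() if now is None else now)
    a, b = secrets.randbelow(9) + 1, secrets.randbelow(9) + 1
    nonce = secrets.token_hex(8)
    expires = now + TTL_SECONDS
    token = f"{nonce}.{expires}.{_sign(a + b, nonce, expires)}"
    return f"What is {a} + {b}?", token


def verify(token: str, submitted: str, now=None) -> bool:
    """True only for a correct answer to an unexpired, not-yet-attempted challenge."""
    now = int(time.time() if now is None else now)
    try:
        nonce, expires_s, sig = token.split(".")
        expires, answer = int(expires_s), int(submitted.strip())
    except ValueError:
        return False  # malformed token or non-numeric answer
    if now > expires or nonce in _used_nonces:
        return False  # expired, or this challenge was already tried
    _used_nonces.add(nonce)  # one guess per challenge, right or wrong
    expected = _sign(answer, nonce, expires)
    return hmac.compare_digest(sig.encode(), expected.encode())
```

The token never contains the answer in readable form, so the form can carry it without revealing the solution.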