Many WordPress hacks come from malicious bots that are programmed to crawl the web looking for WordPress sites. Once they find one, they’ll add “/wp-admin” to the end of the site’s URL to get to the login screen and try to force their way in.
brandsparky already protects you against this kind of hacking method, but you can add an extra layer of security by making your login screen harder to find in the first place.
The WPS Hide Login plugin allows you to change the location of your login screen from “/wp-admin” to whatever you want. You could use something like “/mysitelogin” or “/open-sesame” or anything else. Whatever you choose, any user who tries to use the old “/wp-admin” link will just see an error message, stopping bots and would-be hackers in their tracks.
NOTE: Moving your WordPress login screen will mean that you’ll have to share the new login URL with anyone who logs into WordPress on your site, or they won’t be able to access the admin area.