A Brute Force Attack is when a hacker tries many combinations of usernames and passwords until they succeed in guessing the right combination. Due to the fact that at any one time there may be many concurrent login attempts occurring on your site via malicious automated robots, this also has a negative impact on your website load time and performance. Therefore, we highly recommend WordPress users to install this comprehensive plugin, Lockdown WP Admin.
Lockdown WP Admin features hiding WordPress Admin (/wp-admin/) when a user isn’t logged in. If a user isn’t logged in and attempts to access WP Admin directly, the WordPress site will return a 404 error page. Users can can also rename the login URL. We’ve created this video to walk through the configuration steps for this plugin.