If your using WordPress to manage your site, you’ve got an additional layer of security that can be implemented for login security and that is to use whats called 2 factor authentication. Basically this combines your username and password (first factor) with your Gmail or other Google account (second factor) to authenticate your login. Each time you log into your WordPress site, you’ll be need to pull out your cell phone and type in a randomly generated numeric code as the second part of your login to your website. The code only lasts for a few seconds before it regenerates.
In order to set it up, you’ll need to install the plugin (https://wordpress.org/plugins/google-authenticator/) on your WordPress site. Once its setup, which takes just a few seconds, you’ll be able to go to each users profile and enable a Google Authenticator profile along with a secret to be stored some place safe.
The workflow is pretty straightforward as each user account within WordPress is linked with their personal Gmail account, or Google Apps for Business account. If a user leaves the organization, their account can be removed from WordPress and their access is removed. In larger environments, this may be more complex to implement since each user must setup their Google Authentication. An alternative option to this in larger organizations is to implement an .htaccess login on the Wp-login/Wp-admin login area. This hides the login page behind a server level login popup and can cut down server resource usage significantly during login attacks.