Because WordPress is used by most bloggers around the world, WordPress-based blogs attract hackers who try to break in through attacks on the admin page.
Whether we realize it or not, as long as we have a blog there will always be attempts at interference from hackers, especially attempts to break the admin password with the “brute force attack” method. We can see this by looking at the live traffic feature of the Wordfence plugin. The live traffic page may show many URLs that are repeated over and over, especially http://yourblog.com/wp-login.php, which is the WP admin login page, and http://yourblog.com/xmlrpc.php, which is an API gateway for interacting with third-party applications.
To prevent this brute force attack, we can use a plugin called “WP Login Door”. The idea is quite simple: we specify a pair of words that must be included in the login page URL, so that it becomes, for example, http://yourblog.com/wp-login.php?word1=word2. Anyone who tries to access your WP login page without the combination of the 2 (two) words will only receive an error message in their browser.
Installing this plugin works the same way as for other plugins. Go to your WP Dashboard, then click the “Plugins – Add New” menu. In the search field, type “WP Login Door”. After finding the plugin (made by Nicolas Simonnet), click the “Install Now” button. Once it is installed, activate the plugin by clicking “Activate”.
Next, to set up the plugin, open the “Settings – WpLoginDoor” menu. Enter the “Key name” and “Key value” parameters in the fields provided, as well as the “error message” to be displayed. Click “Save Changes” when everything is set.
To check whether the plugin works, try opening the URL http://yourblog.com/wp-login.php. If the installation is correct, the screen will not display the WordPress login page; instead, the error message you entered in the plugin settings will appear.
What if we forget or lose the pair of words? You must log in with FTP to disable the plugin; you can reactivate it at any time. This method, in my opinion, is one of the simplest and easiest security measures for WordPress users, because they do not have to set up or change important files such as .htaccess and others, which risks creating new problems.
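The repeated requests to wp-login.php and xmlrpc.php described above can also be counted directly from the web server's access log, split by whether they carried the key pair. This is an added example, not part of the original post or of the plugin; it assumes an Apache/nginx "combined" log format, uses the post's placeholder pair `word1`/`word2`, and the log lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in "combined" log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 512 "-" "bot/1.0"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 512 "-" "bot/1.0"
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 512 "-" "bot/1.0"
203.0.113.7 - - [10/Mar/2024:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 512 "-" "bot/1.0"
198.51.100.23 - - [10/Mar/2024:10:01:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "bot/2.0"
198.51.100.23 - - [10/Mar/2024:10:01:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "bot/2.0"
198.51.100.23 - - [10/Mar/2024:10:01:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "bot/2.0"
192.0.2.10 - - [10/Mar/2024:10:02:00 +0000] "GET /wp-login.php?word1=word2 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Mar/2024:10:03:00 +0000] "GET /wp-login.php?word1=guess HTTP/1.1" 200 300 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2024:10:04:00 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
WATCHED = {"/wp-login.php", "/xmlrpc.php"}

def summarize(log_text, key_name, key_value):
    """Count hits per (ip, path, has_key) for the login and XML-RPC endpoints."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _method, target, _status = m.groups()
        url = urlsplit(target)
        if url.path not in WATCHED:
            continue
        # True only when the exact key name AND value are in the query string
        has_key = key_value in parse_qs(url.query).get(key_name, [])
        counts[(ip, url.path, has_key)] += 1
    return counts

def suspects(counts, threshold=3):
    """IPs with at least `threshold` keyless requests to a watched endpoint."""
    per_ip = Counter()
    for (ip, _path, has_key), n in counts.items():
        if not has_key:
            per_ip[ip] += n
    return sorted(ip for ip, n in per_ip.items() if n >= threshold)

if __name__ == "__main__":
    c = summarize(SAMPLE_LOG, "word1", "word2")
    for (ip, path, has_key), n in sorted(c.items()):
        print(ip, path, "key" if has_key else "no-key", n)
    print("repeat offenders:", suspects(c))
```

Because the key pair travels in the query string, it is written into the access log itself (as in the `192.0.2.10` line), so the log files should be treated as sensitive. Requests to xmlrpc.php are always counted as keyless here, since nothing in the post says the key applies to that URL.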