Sometimes, just monitoring and blocking isn’t enough.
In our post “Good Fences Make Good Neighbors,” we told you about the millions of cyber attacks that occur daily from leveraging vulnerabilities to brute force attacks security methods to protect your website. However, blocking an IP after it has already accessed and attempted to login doesn’t stop hackers from driving up your website bandwidth and memory usage and affecting performance with tens of thousands of page views. To help prevent your wp-admin or wp-login pages from invalid login attempts, password protect wp-login.php and limit access to wp-admin. Read more about hardening WordPress against brute force attacks on WordPress’s codex