When it comes to online safety, protection is the first line of defense. It is better spend the time securing your WordPress site than being sorry later trying to fix it. Moreover you could lose everything you have been building for years.
While regular backup of your site is a good practice to protect your content, there are other little things you can do to tight your site security, like for example this WordPress plugin that I am sharing with you today Login Lock.
Login Lock is a WordPress plugin that limits the number of login attempts from a given IP address within a certain period of time.
The features of the plugin is are simple but powerful, Login Lock records IP address and timestamp form fails logins attempts. If someone is trying to login and it reaches the number of login attempts permitted, it is detected and for a period of time the IP address will be blocked.
Other features include: manually unblock IP addresses, forcibly log out all users immediately and require to change password, and allows you configure log out idle users after an X number of minutes.
Enforce strong password policies: define what characters must be used in a password, define the minimum length, you can even set for how long the password is valid for. Additionally you can prevent users for reusing their passwords and also from using common passwords.
One great feature from Login Lock is the panic button, that when used will immediately log out everyone, including you, resets all the passwords to random values, and sends each user an email telling them that they need to change password.
This is going to prevent when someone without authorization trying to guess your password and it also is going to prevent brute force password attacks.