WordPress, for all its worth, is a pretty secure content management system/ application framework. But with the amount of control you can exercise over your WordPress site, it should be no surprise that website security is also dependent on you.
Now, WordPress login screen is one of the easiest access points to exploit and gain unauthorized access to your website. It’s also pretty easy to get to, considering that wp-login.php can be added after your site domain to see it (unless you go an extra mile to obfuscate login URLs). Beyond that, it’s a matter of time while the brute force algorithm is set cracking your login credentials (Username and password), and then you can say wave goodbye to your clean, spam-free, reasonably nice website. #WordPressSecurity http://bit.ly/2aNTN7t