I'm hoping you may have some guidance on potential approaches I might be able to pursue. We are trying to launch a site that is for employees only (e.g., basically, it redirects anyone who is not currently logged in to the wp-login page). The problem is that, for some reason, we are seeing a lot of failed attempts, and our hosting provider locks down the site out of brute force concerns.
We have done this to protect content; not to provide access to the admin side of wordpress. I know this is a general question, but is there any way to set up a user login that does not require access to the admin directory? I wonder this because the articles I was reading about the Brute Force attacks mention that lock downs occur when unauthorized users try to access the admin side of things.
I'm hoping you may be able to help point me in the right direction. I'm just stuck and really don't know what options are even available for this.