I have installed Wordfence and Sucuri plugin which is generating continuous emails informing me of multiple ips getting locked out as they tried the username "admin" and "test".
Not so long ago, our website was infected with a PHP mailer script and as a result, I had to recreate our entire website onto a new server.
I do not wish to go through that again. I have installed wordfence's 2 step authentication (I was surprised that it is still an addition to the existing password field each time I login).
Is there any idea around:
1. How can I not become a target? As the traffic stats might be mixed up because of these attacks and our cost for hosting at Amazon EC2 could skyrocket.
2. Any other suggestions?