It’s something that is often overlooked, but for security and speed, you should IP restrict your /wp-login.php file. I’ve had many sites go down because there’s someone trying to brute force the admin login, and even if it doesn’t take them down entirely, it tends to slow them down. Why? With any finely tuned site, users are mostly hitting static files. CSS, JS, images, cached pages, and so on. When they hit /wp-login.
Read More »