At first, everything seems to be fine running WordPress blog, but you never know who is trying to login into your blog. But on one final day when you can’t log in into your WordPress blog then the issue arrives. So it is always a good idea to have an eye on who is using your login page.
But how do I track login page
Actually, nobody will track your website login pages but it is must if you want to protect your blog from hacking your password. Like I said you cannot use website tracking scripts like Statcounter, Google Analytics, etc, to track your login page. There is a WordPress plugin that is coded exactly for this purpose, it is called Simple History.
Simple History will track all the activities that are going on your site, like who logged in, who logged out, what changes they made like which settings they used, like that. The good thing about this plugin is that it also tracks failed login attempts, that is you can find who used or tried to login into your blog. This way you can take appropriate action whenever you find somebody who is trying to get access into your site.
As a user of this plugin I found that apart from regular users, spam bots also try to login into your website to create and publish spam articles on your blog. So it is better to protect your login form from these people and bots.
How can I protect my login form from anonymous logins
One way to protect your website from anonymous logins is by adding Google reCaptcha to your website login form. You can easily add Google reCaptcha to your login form just by installing a plugin called Google Captcha. But first, you need to get site key and secret key from the Google reCaptcha website.
While another way is to hide your login form from users. Usually, people will try to access your login form using the default login form URL like www.your-site.com/wp-login.php. So it is better to hide your login form from default URL to your own URL. You can easily do this with the help of a plugin called WPS Hide Login.
You will find difficult to login into your site
If you add captcha to your login form, you cannot publish article to your blog from blogging software like Windows Live Writer. So to publish you need to disable the captcha and enable it after publishing the article.
You will face 403 Forbidden Error on your web server if you try to publish an article from desktop
There is another issue here. Whenever you login into the site on your browser and publish an article using Windows Live Writer or similar software you will encounter Error: 403 Forbidden error. This is because both your browser and Windows Live Writer are on the same system and in the browser you are already logged in, but Windows Live Writer tries to log in again using same username and password.
The web server does not know to whom to give the priority, that is two different applications from the same IP address are trying to log in with same username and password, one application (browser) is already logged in and another application (Windows Live Writer) trying to login into the site.
So to avoid this error you need to log out and close the website tab from your browser completely and then use the Windows Live Writer to publish the blog post. This way you will be safe from 403 forbidden error from occurring on your web server.
You can use above mentioned both WordPress plugins to hide as well as protect your login form. Hope this gives you a better idea on how to protect your blog from hackers and anonymous login attempts.