Lately we have been charged huge bills for Brute Force attacks on our wordpress websites. Looking to get suggestion, what all measures do you take in that case ? What I have done this week is, Installed WP Security All in One and changed admin name and folder path Only gave IP access to my office IPs. via htaccess file IP Deny Allow.