I have a question about protecting the backends of WordPress sites.
When I do a Joomla site, I set a very strong user name and password on the Joomla admin folder, so that when people go to the Joomla backend login, they first have to enter the user name a password to get to the main admin login page. I set that password protection via Cpanel.
Next, I have a plugin installed that adds a token string of my choosing to the default Joomla admin login, something like http://www.examplesite.com/administrator/index.php?token=12345abcde. If someone manages to brute force their way past the admin folder protection, they'll find themselves at the site front page or wherever else I've redirected the default admin login page (I can do that in the token string plugin settings), because to get to the main admin login they have to navigate past the admin protection and they have to know the token string that I've added to the admin login page url. Finally, on top of all that, I use another very strong user name/password combination for the actual admin login page.
So now my question is, can I do something like this on a WordPress site? I know I can change the admin folder name, etc (I think Better WP Security does this) but I can imagine that that might cause problems for other plugins, where adding the token string wouldn't.
I'd appreciate any pointers or suggestion you might have.