Since perhaps two months back, I have a huge number of brute force attempts at my site. It can number up to a thousand in a day. These comes in "waves", that can last for up to a couple of hours.
Of course, I don't have "admin" or anything similar as login, none of the attempts have been even close to correct username. But still, this steals quite a lot of power from my site, naturally.
I use "Better WP Security", and have set quite strict policies for login attempts. But it doesn't really matter since the attempts are being made from hundreds of different IP's from (virtually) all around the world.
As I am using the Android WP App, and as I am in need to login from various different locations with dynamic IP's, I feel I don't want to limit login to a single or a couple of IP's either, sadly enough.
Is there any way to make the situation better? I am using a quite cheap space for my site right now, and can't afford a better one at the moment. So site performance is suffering during these attacks.
And, when will WordPress ever set the possibility to change admin login URL, as is the case with for example Prestashop? Doing so now, will affect the compatibility of many plugins. There ought to be a way to finally change this. As it is right now, I feel this is the greatest flaw with WordPress. It needs to change.