Brute force problem, should I add

Hi,

Thanks for a Great Plugin. Need your advice.

1) My server host said had a brute force. Their msg
At least one WordPress installation within your account “xxxxxx” has come under a brute-force attack.

This attack is specifically targeting wp-login.php and, as such, we have put password protection in place to keep your site secure and online. The attack is intense enough that it risked taking your site online and possibly affecting others on the server.

The password protection we have put in place is suggested in the Official WordPress Codex as you can at [ http://codex.wordpress.org/Brute_Force_Attacks#Password_Protect_wp-login.php ].

For example, of the last 1886 page views, 771 have been to your wp-login.php.
These logins are spread across your domain(s) as follows:
Domain: mail.(mywebname).com or (mywebname).com has 771 wp-login.php accesses out of 1886 page views
~~~
We have protected your site as per the guidance from WordPress on how to truly stop bruteforcing. REF: http://codex.wordpress.org/Brute_Force_Attacks#Password_Protect_wp-login.php

As for the IE error, you should use HTTPS to access your WordPress admin pages. You can install a free certificate using let’s encrypt if the cPanel one is not working.

2) I knew something happened bec when I click Logout I got the blue/wht box:
“Windows Security
iexplore.exe

The server www.(mycompany).com is asking for your user name and pw. the server reports that it is from Private Access.

Warning: Your user name and pw will be sent using basic authentication on a connection that isn’t secure.”

3) Should I dnload plugin(s)
Loginizer or
All in One Security & Firewall?

4) Why isn’t it https? What happened to the “s”?

Now I know how ppl feel when I’m talking financial stmts. :/

Any helllp would be Appreciated.

TIA (Thanks in Advance) 🙂