
Password Reset Requests in WordPress
I have some WordPress websites that are several years old and well linkedin on the internet.
(Plugins and WP updated to actual versions).
I start to get more and more bot requests for Password Resets.
To reduce the amount of Spam-Bot requests I plan to change the Admin login URL,
or is it enough to place a htaccess login on the the login folder?
Any recommendations on the best way to proceed without any plugins?
Things I don't plan to do:
-Hide the WP Users (the users are linked by name from the blogposts anyway, and WP does no sees users IDs as a security issue)
-not planing to install a plugin limiting login attempts (useless since the bots change IPs randomly)
-not planing to install a security plugin that gives me automated scans and give false sense of security.
Any recommendations on how to reduce the automated requests of password resets from different IPs?