This is standard on all new WordPress installs.
If you do not have it, get it.

You know your Login page, username, and password.
If someone tries and fails four times they are locked out for twenty minutes.
If after that they try again with four fails they are locked out for 24 hours.

One the dashboard screen you can see failed attempts.

Really Simple SSL automatically detects your settings and configures your website to run over https.
To keep it lightweight, the options are kept to a minimum. The entire site will move to SSL.

Install and Activate

You will be taken to a screen to ‘Go ahead, activate SSL!”
On the next page click “Enable” on the line for 301 redirects.
Then click Save at the bottom.

Change wp-login.php to anything you want.

Install and Activate, click on the plugins Settings link.

One the next page , change the word “login” to some thing you can remember but is unrelated to WordPress or logging in. Say, “mywriting”.

Logout and login using this name and new location instead of wp-admin.

We will just be using the free portions of this plugin.

Make sure you have also used WPS Hide Login.

Install and Activate, on the next screen put in your email address so you will receive warnings when hacking attempts happen.

At this time we do not have a Premium Key, click No Thanks.