WordPress is generally a very secure content management system but hackers can always find holes in your themes, plugins, and scripts or simply use brute force attacks to get around your defenses. The XO Security plugin is one of many scripts you can use to make your site safe.
This plugin keeps a log of login attempts and can limit failed attempts. It also adds CAPTCHA to your forms, disables XML-RPC & Rest API, and reduces spam. This plugin can also hide your WordPress version and disable RSS and Atom feeds. Want to limit login to usernames or e-mail address? No problem.