As important as securing direct access to sites, is securing indirect access via the server.
We can figure out the attack routes easily enough because we use them too. Server login, FTP, MySQL clients like phpMyAdmin, and control panels are all targets for brute-forcing, and just like the more obvious WordPress login page, these need toughening up.
As far as the server goes, as we shall see, there's a whole lot more to securing the thing than creating a secure login process. This, though, is the natural starting point.
So what's the difference between server login and control panel login? The control panel is simply a software package, a set of tools that helps us to tweak settings and run tasks in a user-friendly ...