If you see a 403 Forbidden message on your login page, it may be due to security plugins, incorrect file permissions, or server-level firewalls blocking your IP.
A: This happens when a plugin/update fails. Delete the .maintenance file from your root WordPress directory via FTP.
Keep a record of every successful and failed login attempt. Plugins like WP Security Audit Log will alert you to suspicious activity, such as 10 failed logins from China at 3 AM.
However, the WP login page is also the primary target for hackers. According to security reports, over 90% of automated WordPress attacks target the wp-login.php file. Therefore, understanding how to use, protect, and troubleshoot your WP login is not just helpful—it is essential.
URL is well-known, it is a frequent target for "brute force" attacks. The Ultimate Guide to WordPress Security - WPMU DEV