Here is some tactical advice for you to implement in your WordPress site so that you can restrict access and put better controls on your system.
- Create an author or editor role for yourself and use this account for all your posting.
- Don’t use the admin role for posting content. Only use the admin role for specific administrative functions such as upgrades.
- Only allow your WordPress web server to access the WordPress database. Don’t allow everyone on the internet to even be able to get to the front door of your database and attempt a login.
- Restrict login attempts and protect your site against brute force attacks with a plugin. Limit Login Attempts works well for this.