I maintain a number of websites, most of my clients do not want the bother or responsibility of worrying about the day to day maintenance and, who would blame them.
I have all my sites linked with ManageWP so every morning I can open my dashboard and check which sites have plugins that need to be updated and I can logon to the site via the handy link. I can also disable the plugins on one or all sites if necessary – and I needed that during the WordPress update to version 5 – now that was fun! I also use Wordfence Security and WPS Hide Login for security.
So far I have found Wordfence Security to be fantastic – initially, I found the waterfall of emails frustrating but that was because every time a plugin needed to be updated, Wordfence sent me an email …… for every single site that has that plugin. Old and out of date plugins can be a serious security weakness but, with a quick tweak, I have cut down on those emails and rely on me checking the dashboard every morning.
Wordfence also sends me an email every time someone has tried to login to the dashboard of a site and used incorrect login details. This can be disturbing when it happens late in the evening and suddenly I am getting an email every few minutes informing me that someone with an IP address in the strangest of places is locked out. The hacker is probably using a VPN because they would be locked out for a week on that IP address but there is another attempt ….. and another ……. and another. People please! I use a password generator so all my passwords are of the H$13sct*Wrt variety and I do not use admin as my username! I then added WPS Hide Login for another step of security and all seems to be quite on the login attempts. WPS Hide Login lets you change the url of the login form page to anything you want. Nothing is renamed or changed, it simply intercepts page requests so the wp-admin directory and wp-login.php page become inaccessible.
All this effort just to stop someone with a strange urge to deface my website or send users to weirdo land!