not to sound harsh, but i respectfully disagree. the frequent changing of passwords has been shown to not be effective in preventing break-ins. see:
https://goo.gl/isYtQl
with regard to PCI compliance, i am a HUGE fan of protecting cardholder data, but not a fan of how they choose to enact it. i will stop there on PCI compliance.
2-factor authentication is far superior for protecting sensitive data, which frankly, on the admin side, i think would not be too hard to implement.
on a related topic, i was recently doing some work on a WP site and the idea of changing the admin crossed my mind, and the WP community seemed to suggest it was a waste of time, as bots will find your admin no matter what you change it to. what about the idea of additionally protecting the admin side with a rule in the .htaccess file? just a random thought...
best.