Hi @mohamedzaky,
The best way is to change the “admin” username as it’s the default username used for Brute Force on the login page.
You have the option in HMWP Ghost to hide the ID call on the author URL and to change the author profile URL.
Hide My WP > Change Paths > User Security > Custom author Path
https://hidemywpghost.com/kb/customize-paths-in-hide-my-wp-ghost/#customize_author
Also, protect the XMLRPC URL for hacks from Hide My WP > Change Paths > API Security > Disable XML-RPC access
https://hidemywpghost.com/kb/customize-paths-in-hide-my-wp-ghost/#disable_xml_rpc_access
