I would like to inform and request help from the community.
The security settings of a website we have was done according to WordPress Recommendations and we did not have any single hacking attempts for months. Especially that wp-login.php and wp-admin are only limited by IP Address as follows:
I have a simple custom widget that asks for its width (that is used later in the front end). The width field is a select dropdown, so a user have predefined options.