At about noon today I installed the Limit Logon Attempts WordPress plugin due to the recent reports of a major botnet attack on WordPress sites going on. Since then I’ve received the following reports:
1:18pm
3 failed login attempts (1 lockout(s)) from IP: 94.242.237.133
Last user attempted: admin
IP was blocked for 20 minutes
1:43pm
3 failed login attempts (1 lockout(s)) from IP: 66.85.172.250
Last user attempted: admin
IP was blocked for 20 minutes
2:22pm
6 failed login attempts (2 lockout(s)) from IP: 94.242.237.133
Last user attempted: admin
IP was blocked for 24 hours
3:43pm
3 failed login attempts (1 lockout(s)) from IP: 94.199.51.8
Last user attempted: admin
IP was blocked for 30 minutes
4:05pm
6 failed login attempts (2 lockout(s)) from IP: 66.85.172.250
Last user attempted: admin
IP was blocked for 24 hours
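Notifications like these can be tallied per source IP to spot addresses that resume guessing once a lockout expires. The script below is an added example, not part of the original post or the plugin's code; the regular expression is written against the report text shown above, the function names are illustrative, and the embedded sample is the first three notifications.

```python
import re
from collections import defaultdict

# First three notifications from the post, one field per line.
REPORTS = """\
1:18pm
3 failed login attempts (1 lockout(s)) from IP: 94.242.237.133
Last user attempted: admin
IP was blocked for 20 minutes
1:43pm
3 failed login attempts (1 lockout(s)) from IP: 66.85.172.250
Last user attempted: admin
IP was blocked for 20 minutes
2:22pm
6 failed login attempts (2 lockout(s)) from IP: 94.242.237.133
Last user attempted: admin
IP was blocked for 24 hours
"""

# \s* between fields also accepts a timestamp run onto the previous line.
REPORT_RE = re.compile(
    r"(?P<time>\d{1,2}:\d{2}[ap]m)\s*"
    r"(?P<fails>\d+) failed login attempts? \((?P<lockouts>\d+) lockout\(s\)\) "
    r"from IP: (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*"
    r"Last user attempted: (?P<user>\S+)\s*"
    r"IP was blocked for (?P<block>\d+ (?:minutes?|hours?))"
)

def parse_reports(text):
    """Return one dict per lockout notification found in text."""
    records = [m.groupdict() for m in REPORT_RE.finditer(text)]
    for r in records:
        r["fails"], r["lockouts"] = int(r["fails"]), int(r["lockouts"])
    return records

def summarize(records):
    """Group notifications by source IP."""
    by_ip = defaultdict(lambda: {"lockouts": 0, "users": set(), "blocks": []})
    for r in records:
        s = by_ip[r["ip"]]
        # Counts in the post look cumulative per IP (1 then 2), so keep the max.
        s["lockouts"] = max(s["lockouts"], r["lockouts"])
        s["users"].add(r["user"])
        s["blocks"].append(r["block"])
    return dict(by_ip)

def repeat_offenders(summary, min_lockouts=2):
    """IPs that resumed guessing after a lockout expired."""
    return sorted(ip for ip, s in summary.items() if s["lockouts"] >= min_lockouts)
```

Addresses returned by `repeat_offenders` are the ones worth blocking at the firewall or web server rather than leaving to the plugin's timed lockouts.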
Yes folks, this attack is happening! Step one: DO NOT have ‘admin’ or ‘administrator’ as usernames. Step two: Install the aforementioned plugin.
And here’s the official advice from WordPress:
Here’s what I would recommend: If you still use “admin” as a username on your blog, change it, use a strong password, if you’re on WP.com turn on two-factor authentication, and of course make sure you’re up-to-date on the latest version of WordPress. Do this and you’ll be ahead of 99% of sites out there and probably never have a problem.
I’ve gotten good results from the Bad Behavior plugin to help stop attacks like this on my WP site. http://bad-behavior.ioerror.us/
Thanks for the post. Several websites by me (WordPress blogs) also got attacked from the IP **.199.51.8, and not only once. I had already installed the plugins you mentioned, that’s why I saw the attack. But the system is still running and the attack did nothing, fortunately.
Greez