So, I came in this morning to find over 18,000 failed login attempts to my workplace Wordpress site this morning. (See the attached screenshot)
Thankfully, none of these login attempts were able to work because:
1. the Login Requires filling a Captcha
2. Failing to enter the correct login credentials or put in the correct Captcha 4 times locks the account.
3. I use Bad Behavior in Conjunction with Project Honeypot BL look ups, so these offending IP's end up in the BL list due to their spamming.
4. I have a hidden form on the login screen that only bots would fill out, anyone who fills out this hidden form is blocked.
I just wanted others out there who may be using Wordpress or other simlair site to be aware of this going on at the moment...these 18,000 login attempts happened in the matter of a few hours early this morning.
So double check those login records, and do what you can to prevent these people from getting in...I have contacted the abuse department on some of these IP's, but im not sure it will do me any good.
Have a great morning people!