my wordpress login hacking tracker site has recorded almost 13,000 login attempt on 5 websites in just over a month. That’s about 75 attempts a day and it’s unevenly distributed. Some of my sites see over 200 attempts a day. The idiots are using at this point over 1200 different ip addresses.
This was amusing until it became annoying. They are firing up multiple copies of wp-login within a few seconds. This overwhelms the shared resources. As of this weekend, I have begun to protect my sites by only allowing access to wp-login from known ip address locations. In google you can google ‘what is my ip address’ and write it down.
Then through ftp or text wrangler or whatever, you can edit your site’s .htaccess and right up front in the file add:
deny from all
allow from (my ip address)
allow from (my second ip address)
allow from (my houses ip address)
allow from (the ip address of my consultant friend)
This will do wonders in cleaning up over utilized shared servers.