I decided just for the hell of it to track, in a database, all the people trying to hack into wp-login.php from my websites. I’m recording their ip address, the username they are trying to login to, and the password they are attempting to use.
I have 5-6 of my websites tracking these trolls, and I created a website that will list the top 30 username/password combinations and the 10 ten ip addresses of the trolls.
I have an hourly set of cron jobs which will update the database with new attempts.
It’s revealing and amusing. This is a poster boy for why you should never have an wordpress admin account named admin.
The website is wp-securitywatch.com, it’s primitive right now, I only have 2 days of data in the database, but I’ll continue to add info like other hacking attempts gleaned from the access and error logs.