So I learned something about WordPress this last weekend, and while it was slightly terrifying in the midst of it all, in the end, I feel that I am better equipped.
One of the default plugins that Reclaim Hosting packages with WP installs is ‘Limit Login Attempts’. It is very simple to install and calibrate and it allows you to lock out a particular IP address for a particular time after a set number of failed login attempts. You can also keep a log of which IP addresses are locked out.
This past weekend, I logged over 5000 login attempts from almost 2500 IP addresses. I have since changed my password.
The striking thing was that all of the attempted logins were one or more of four usernames: ‘admin’, ‘administrator’, ‘test’, or ‘merelearning’. There were two attempts with the username ‘e’ and two with my own username (which would have been me locking myself out).
The upshot is that you should never use any of the first three usernames or your domain name as a username.
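To make the lockout behaviour and the username tally concrete, here is an added example (not part of the original post and not the plugin's own code) that replays a constructed list of failed logins through a per-IP lockout and checks usernames against the guessable ones. The threshold, lockout length, sample events, and the domain `merelearning.example` are all assumptions made for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample of failed logins: (time, source IP, username tried).
# IPs are documentation ranges; usernames are the ones named in the post.
FAILED_LOGINS = [
    ("2024-01-06 10:00:00", "192.0.2.10", "admin"),
    ("2024-01-06 10:00:05", "192.0.2.10", "administrator"),
    ("2024-01-06 10:00:09", "192.0.2.10", "test"),
    ("2024-01-06 10:00:12", "192.0.2.10", "admin"),
    ("2024-01-06 10:01:00", "198.51.100.7", "merelearning"),
    ("2024-01-06 10:01:30", "198.51.100.7", "admin"),
    ("2024-01-06 10:02:00", "203.0.113.44", "test"),
    ("2024-01-06 10:30:00", "192.0.2.10", "admin"),
]
MAX_RETRIES = 3                    # assumed: failures allowed before lockout
LOCKOUT = timedelta(minutes=20)    # assumed: how long an IP stays locked out
GUESSABLE = {"admin", "administrator", "test"}  # the three names from the post


def replay(events, max_retries=MAX_RETRIES, lockout=LOCKOUT):
    """Replay failed logins through a per-IP lockout.

    Returns (attempts per username, [(ip, locked_until)], attempts refused
    because the IP was already locked out).
    """
    failures = defaultdict(int)    # IP -> failures since its last lockout
    locked_until = {}              # IP -> time its current lockout ends
    usernames, lockouts, refused = Counter(), [], 0
    for stamp, ip, user in events:
        now = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        usernames[user.lower()] += 1
        if ip in locked_until and now < locked_until[ip]:
            refused += 1           # still locked out: not evaluated at all
            continue
        failures[ip] += 1
        if failures[ip] >= max_retries:
            locked_until[ip] = now + lockout
            lockouts.append((ip, locked_until[ip]))
            failures[ip] = 0
    return usernames, lockouts, refused


def is_guessable(username, domain):
    """True if the username is a stock name or a label of the site's domain."""
    name = username.lower()
    return name in GUESSABLE or name in domain.lower().split(".")[:-1]
```

In the sample only one of the three addresses ever reaches the threshold, which matches the shape of the numbers in the post: about 5000 attempts over about 2500 addresses is roughly two tries per address, so the username tally and a non-guessable username matter as much as the lockout.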
It Isn’t Hard by Colin Madland is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.