Over the last few days, we have noticed increasing accesses to the wp-login.php page of WordPress installations.
The attacks are not isolated and come from many source IP addresses, indicating that it's a bot or an automated attack. In one case, we logged a total of 550 IP addresses in a 20-minute time span.
To prevent your WordPress site from getting hacked by this method, you should follow the steps below:
- Don't use “admin” as the username for the administrator account
- Don't use simple passwords. Always make your password a mix of letters, numbers and symbols
- Install the “Limit Login Attempts” plugin, so that after a number of failed login attempts, the attacker’s IP address is blocked.
Doing the above three things will make it substantially harder for a hacker to crack your WordPress password. Also, please keep your WordPress installation up to date. As of right now, the latest stable version is 3.6.
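To check your own access log for the pattern described above (many different addresses posting to wp-login.php within a 20-minute span), the following added example, which is not part of the original post, counts distinct source IPs and login POSTs per window. It assumes the Apache/nginx combined log format; the function names, the `min_ips` threshold and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined Log Format: ip ident user [time] "METHOD path proto" ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')
WINDOW = 20 * 60  # seconds; the 20-minute span mentioned in the post


def login_posts(lines):
    """Yield (timestamp, ip) for every POST to wp-login.php."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, path = m.groups()
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php"):
            yield datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), ip


def summarize(lines, window=WINDOW):
    """Return {window_start_epoch: {ip: attempts}} over fixed windows."""
    buckets = defaultdict(lambda: defaultdict(int))
    for when, ip in login_posts(lines):
        start = int(when.timestamp()) // window * window
        buckets[start][ip] += 1
    return {start: dict(ips) for start, ips in buckets.items()}


def flag_windows(lines, min_ips=3, window=WINDOW):
    """List (window_start, distinct_ips, total_posts) where distinct_ips >= min_ips."""
    return sorted(
        (start, len(ips), sum(ips.values()))
        for start, ips in summarize(lines, window).items()
        if len(ips) >= min_ips
    )


# Constructed sample lines using documentation-range addresses, not real traffic.
SAMPLE = [
    '203.0.113.5 - - [10/Aug/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3412',
    '203.0.113.5 - - [10/Aug/2013:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3412',
    '198.51.100.7 - - [10/Aug/2013:10:04:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3412',
    '192.0.2.44 - - [10/Aug/2013:10:12:30 +0000] "POST /blog/wp-login.php HTTP/1.1" 200 3412',
    '192.0.2.44 - - [10/Aug/2013:10:13:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2980',
    '198.51.100.9 - - [10/Aug/2013:10:25:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    print(flag_windows(SAMPLE))
```

On a real log, pass the open file object to `flag_windows` and raise `min_ips` to a value that fits your normal traffic; the per-address counts from `summarize` show which sources a per-IP lockout would catch.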