It’s been a little while since I’ve installed the Limit Login Attempts plug-in that I’ve reviewed here and so far, it’s worked as advertised. Since May 15th, I’ve had 11 failed attempts to log into the back-end of WPTavern.com. Three of those occurred on July 24th. 10 out of 11 attempts used admin as the user-name while one attempt used a blank user-name field.
I think everyone should have this plug-in installed on their site or something like it. It’s pretty important to be notified of an IP address trying to crack the password into the back-end of your site although I find it odd that I have yet to see a user-name deviate from admin which leads me to believe that the attempts have been made by bots, or some type of automated script.
It would be a lot safer if you just IP restricted the /wp-admin/ folder, that’s what we’re doing for the corporate blog I just created. In fact, you even have to be on the internal VPN to access it now…just to be extra safe :)