Alex who also goes by Viper007Bond has recently installed Limit Login Attempts on his personal blog because someone is trying to brute force their way into his site. I’ve mentioned this plugin before and his post reminded me that I should probably give you all an update as to the results I’ve seen over the past few months.
Since January 1st, 2012 there have been 75 email notifications sent to my inbox letting me know of an IP address that failed to login to the back-end of WPTavern three times in a row. In almost every case, the notifications look like the following with the IP address being different.
3 failed login attempts (1 lockout(s)) from IP: 18.104.22.168
Last user attempted: admin
IP was blocked for 20 minutes
There have only been a few times when Webmaster and even fewer with Jeffro as the attempted username. I receive multiple notifications every day with some spurts of 3-4 different IP addresses failing to login. I have no idea if these are real people or bots trying to login but thankfully, Limit Login Attempts is keeping me abreast of all the failed attempts. It’s definitely a plugin you should consider installing for the sake of monitoring the activity of failed login attempts. This is also a reminder that if you are using admin as your administrative username or have that username within the Administrator role, you’re begging for trouble.