[ad_1]
I’ve had websites since the early 00s, I didn’t care much about security until recently when I suspect someone broke in and used the site for some btc and spam stuff.
I have now another site with WP Armour and I notice a few login trials per week… the site is new and not advertised mainstream, also about specific technological stuff, I just wonder who could try that?
I’m using true random strings for both admin and password, so I’m confident of being safe, I just wonder why people would try and if they go trying all domains they find. And why? if a domain is definitely cheaper than the time they would spend trying until they break into one site.
[ad_2]
They bots. They trawl the domain records and scan new sites for weaknesses. WP sites are notoriously not setup properly because so many newbies use it.
Yes, bulk login attempts are very common. Tune your security plugin to ban any IPs who incorrectly attempt to login more than 3 times over 48+ hours.