[ad_1]
A have a site that is not super active normally and over the past few days have had a few new user registrations. Two of those registrations then immediately changed their passwords. Am I the only one who finds this suspicious? Would you take any action if this was your site?
[ad_2]
Install Wordfence and monitor its logs (via Wordfence > Tools) – generally you can tell pretty easily who are bots – but WF will give you a bit more insight, like their country, which you can then use to craft WAF rules in Cloudflare, for example.
I wouldn’t be worried, unless you have some old/abandoned plugins, and the newly created users have high privilege user roles.