[ad_1]
Pretty much the title. I am working on my first website (currently when visiting the site you’d just see a “coming soon” page while I am working on it behind the scenes.)
Random IPs are constantly trying to log in, (I get alerted because I have a security plugin) why is this happening? There is one from New York, US, another from Vienna, Austria, keep in mind this company is not known at all, it is a startup in a third world country, it isn’t even a store that could have sensitive credit card information.
What’s up with this, does this stuff just happen all the time?
[ad_2]
Lots of info missing.
Who is your web host? What plugins are you using? Who knows about this project? Is there anybody working with you?
Yes this is normal. Every website, including ones that aren’t built in wordpress will have bots attempting to login daily. Make sure you have a strong password that is unique to the site and disable xmlrpc if you’re not using the jetpack plugin.
Welcome to the web in 2022. Make sure you’re up-to-date on plugins. Install something like Word fence, Use Cloudflare, etc.
Use Cloudflare and put a browser check page rule on the login pages, they will dissapear.
These are called skiddies (derogatory term that means amateur hackers) who use bots to hit random urls looking for vulnerabilities. A firewall with rate limiting and IP banning rules should protect from this, and I believe someone mentioned Cloudflare as a solution which is a good idea.