Recently there has been a security alert about a surge in attacks on WordPress sites. A network of botnets are using a brute force attacks to try to break into your site by repeatedly attempting to log in to your admin area with computer-generated credentials.
A company believes that about 90,000 IP addresses are currently involved. CloudFlare, thinks the hackers control about 100,000 bots. As for the scope of the attack, Prince says that CloudFlare saw attacks on virtually every WordPress site on its network.
It is recommended that you change your password to a secure password if you have not done already. A secure password mixes things up by using letters, numbers, upper and lower case letters, and special characters such as &#)@!, etc. It is also recommend to NOT have a username of “admin”
I also recommend that you install a plugin such as Limit Login Attempts that will limit the number of login attempts for an IP. Over the past 3 days this plugin’s download count has rocketed! If yo havent already go and download it now!
As pointed out by Matt Mullenweg supposedly this botnet has over 90,000 IP addresses, so an IP limiting or login throttling plugin isn’t going to be great (they could try from a different IP a second for 24 hours). So just make sure you are secure guys and make sure your username is not “admin”