I block the ip’s, but the ip’s seem to be from foreign countries. Is this normal?
Yes, and blocking a country for a while seems to send the hackers elsewhere.
I believe there are things you could do in .htaccess to block access, but you would first want/need a dedicated IP to allow for yourself.
If you need random users to be able to login, effective IP blocking will depend on the distribution of your legitimate user base. Realistically, limited login attempts and lockouts combined with a really strong password is more than adequate defense.
Even though I believe security by obscurity is an oxymoron, not having an ‘admin’ user has completely stymied all such hack attempts so far. Still, I believe hiding the login and admin paths is a wasted effort. In my experience, blocking a worldwide botnet has not yet resulted in the hacker controlling it going away. Going on 5 months now, he is still hammering away uselessly at my site. What a moron!
If you only need access for a limited few, a dedicated IP is not necessarily required, though it makes things much easier. I personally have whitelisted the entire IP range allocated to my ISP using CIDR notation in .htaccess (Allow from 123.123.0.0/18 for example). Since no hackers so far use my ISP, the worldwide botnet is completely blocked even though I do not have a static IP, and yet I login without apparent restriction. If I do use a different ISP occasionally, it takes about a minute to temporarily add my current IP to the whitelist via FTP.
