• On average, our Church website sees 1-2 ‘Admin’ login attempts per month. Today we logged and blacklisted 62 ‘Admin’ login attempts, occurring approximately 8 minutes apart between 10am and 7pm EST. Has anyone else observed this threat?

    What are your preventions for such login attempts? We have renamed the default admin user and have trapped/blacklisted IPs of all Admin user variants.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator James Huff

    (@macmanx)

    Only 62? 🙂

    It’s actually quite common for exploit bots to try “admin,” as that’s still the default username for WordPress, which is why the installer handily suggests choosing something different these days.

    Just make sure that you have some sort of proactive brute-force security, which it sounds like you already do, and you’ll have nothing to worry about.

    Thread Starter Andrzej

    (@awoz)

    James,

    Thanks for your thoughts about this. Can you think of any place where I can report this type of break-in attempt? We just logged/blocked the IPs of 80 more attempts this morning. This is highly unusual.

    Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    You can report this to your hosting providers.

    Moderator James Huff

    (@macmanx)

    I agree, report it to your hosting providers.

    You could also try a brute-force protection plugin, like Jetpack’s Protect module https://ww.wp.xz.cn/plugins/jetpack/ or https://ww.wp.xz.cn/plugins/better-wp-security/ which both work on a centralized blacklist of brute-force IPs and user-agents. Once something bad is seen on your site, it’s reported and blocked for anyone using the plugin.
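
An added example, not part of the thread and not code from any plugin named in it: attempts spaced about 8 minutes apart, as in the opening post, never trip a short-window rate limit, so this sketch compares a burst check with a per-day count against the site's low baseline. The log format (`ISO-time ip username`), the variant list, the thresholds and the sample data are all assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

ADMIN_VARIANTS = {"admin", "administrator", "root"}  # assumed variant list

def make_sample_log():
    """Constructed data: 62 failed 'Admin' logins, 8 minutes apart from 10:00,
    rotating over three documentation-range IPs, plus one ordinary typo."""
    start = datetime(2024, 1, 1, 10, 0)
    lines = [f"{(start + timedelta(minutes=8 * i)).isoformat()} "
             f"203.0.113.{10 + i % 3} Admin" for i in range(62)]
    lines.append("2024-01-01T12:03:00 198.51.100.7 alice")
    return lines

def parse(lines):
    """Yield (timestamp, ip, username) from 'ISO-time ip username' lines."""
    for line in lines:
        ts, ip, user = line.split()
        yield datetime.fromisoformat(ts), ip, user

def admin_events(lines):
    """Failed logins whose username is an admin variant, oldest first."""
    return sorted(e for e in parse(lines) if e[2].lower() in ADMIN_VARIANTS)

def burst_alerts(events, window=timedelta(minutes=5), threshold=5):
    """Classic rate limit: >= threshold failures inside any short window."""
    times = [ts for ts, _, _ in events]
    hits, lo = [], 0
    for hi, t in enumerate(times):
        while t - times[lo] > window:
            lo += 1
        if hi - lo + 1 >= threshold:
            hits.append(t)
    return hits

def daily_alerts(events, daily_limit=3):
    """Per-day count against a low baseline (the site normally sees 1-2 a month)."""
    per_day = Counter(ts.date().isoformat() for ts, _, _ in events)
    return {day: n for day, n in per_day.items() if n > daily_limit}

def ips_to_block(events):
    """Distinct source IPs behind the admin-variant attempts."""
    return sorted({ip for _, ip, _ in events})

if __name__ == "__main__":
    ev = admin_events(make_sample_log())
    print("burst alerts:", burst_alerts(ev))
    print("daily alerts:", daily_alerts(ev))
    print("block list:", ips_to_block(ev))
```

On the constructed sample the burst check stays silent while the daily count flags the whole day, which is why a slow, evenly spaced run needs a longer aggregation window than a typical lockout rule.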

The topic ‘Massive Admin login attempts’ is closed to new replies.