Hi Maxime,
Yes, I am running a woocommerce website and a personal blog, so user can register in their account page.
But new user would require to activate their account by clicking an activation email, and so far I did not find any abnormal activity for applying new account.
I looked at the log of “Limit login attempts”, it seemed the bot used “wp_xmlrpc” to attack my website.
Is it possible that the bot using “wp_xmlrpc” to attack my websites without knowing the secret slug for logging in?
