So, yesterday, I got a few emails from Wordfence with messages that said:
A user with IP address 18.104.22.168 has been locked out from the signing in or using the password recovery form for the following reason: Used an invalid username ‘test’ to try to sign in.
User IP: 22.214.171.124
User hostname: […]
This was fun, in the way that I learned how to stop this kind of attack by editing my .htaccess. file
But, cleaning up thousands of notification emails wasn’t part of the fun.
Also, if you have a self-hosted wordpress blog, I hope you keep it updated and have the appropriate security plugins installed. Otherwise, […]