[BlueOnyx:21563] Re: Attack by a botnet.

[Michael Stauber]

Hi Brian,

> It is a form of brute force attack from what I can tell and it is low
> bandwidth as they are requesting part of a file (possibly to go
> undetected as it is 2/10’s of bugger all data).
> 
> As I am only using the domain for testing currently I placed a 301 on it
> and renamed the files it is requesting, but they are still going.

Yeah, it's a botnet trying a brute force login to your WordPress
backend. I'd either rename the wp-admin directory to something else
and/or would throw an additional password protection of that folder in
(via .htaccess) or would install a WordPress plugin that requires
additional steps for logins than just username and password.

Like the Google Authenticator:

https://wordpress.org/plugins/tags/2-factor-authentication/

>From that list this one seems to be pretty complete:

https://wordpress.org/plugins/loginizer/

There are also a couple of other WordPress plugins around that offer
additional protection. Without any endorsement this URL shows some of them:

https://wordpress.org/plugins/search/secure+login/

-- 
With best regards

Michael Stauber