Over one weekend I went from getting one or two login attempts, every week or so, to over a thousand in two days. The hackers didn’t get in, but it’s still alarming. (I ran a free scan of my site over at sucuri.net and also with the new plugin, WordFence Security, just to be sure my site is still secure.) If you don’t know much about WordPress security yet, read my post on WordPress Security for Beginners.
I haven’t been able to find a reason for the sudden increase in attempts; it’s probably just bad luck. But my research led me to install a third security plugin, Wordfence. (If you install too many security plugins, they can interfere with each other, but for now this seems to be a good trio.) I now how JetPack (it has a security part), Sucuri Security, and WordFence Security – all free plugins – intalled and activated.
I had already taken care of the basics, my username is not “admin” or “administrator.” But my username did have my url as part of a longer username, and with WordFence I could see that the hackers have tried using my url as my username. It was making me nervous….