WordPress Brute-Force Attacks

As of April 9th 2013, WordPress admin areas worldwide are being attacked by 100,000+ bots on a daily basis.

We’ve implemented three security measures to keep bots away from the admin page: firewall rules, a WP plugin and an authentication check.

The latter requires a little input from you.

When you open the admin page, your browser will show a login prompt like this: “A username and password are being requested by http://yourdomain.com. The site says: ‘Human Check – U: admin P: 321nimda’”

Enter the username (admin) and password (321nimda) to proceed to the regular admin page. These username/password combinations will change periodically.

Limit Login Attempts

By default WordPress allows unlimited login attempts, either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease.

Clients without managed hosting should consider installing this plugin to increase their site’s security. In your WP administration, go to Plugins => Add New, search for “Limit Login Attempts” and install it. After installation, choose ‘Activate’!

We’ve also added server-side measures to block break-in attempts against wp-login.php.
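To show what the server-side counterpart of “limit login attempts” looks like, here is an added example (not code from this post or from the Limit Login Attempts plugin) that reads web server access-log lines in the common “combined” format and flags source IPs that POST to wp-login.php more than a set number of times within a sliding time window. The log lines, the IP addresses, the threshold and the window length are all constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Fields we need from a "combined" access-log line: client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample log: one client hammering wp-login.php, one client logging in normally,
# one admin browsing /wp-admin/. Addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
203.0.113.7 - - [09/Apr/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [09/Apr/2013:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [09/Apr/2013:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.4 - - [09/Apr/2013:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [09/Apr/2013:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [09/Apr/2013:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.4 - - [09/Apr/2013:10:01:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.10 - - [09/Apr/2013:10:02:00 +0000] "GET /wp-admin/ HTTP/1.1" 200 8800 "-" "Mozilla/5.0"
203.0.113.7 - - [09/Apr/2013:10:00:11 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [09/Apr/2013:10:00:13 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.4 - - [09/Apr/2013:10:30:00 +0000] "POST /wp-login.php?action=logout HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

def parse_line(line):
    """Return (ip, timestamp, method, path, status) for a combined-format line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    return m.group("ip"), ts, m.group("method"), m.group("path"), int(m.group("status"))

def find_brute_forcers(lines, max_attempts=5, window=timedelta(minutes=10)):
    """Map each IP that POSTs to wp-login.php more than max_attempts times inside any
    `window`-long sliding interval to the highest attempt count seen. Lines may arrive
    slightly out of order, as they do when several worker processes write one log."""
    recent = defaultdict(deque)   # ip -> timestamps of POSTs still inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, method, path, status = parsed
        # Only login submissions count; the query string (e.g. ?action=logout) is ignored here.
        if method != "POST" or not path.split("?", 1)[0].endswith("/wp-login.php"):
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # drop attempts older than the window
            q.popleft()
        if len(q) > max_attempts:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

if __name__ == "__main__":
    for ip, count in find_brute_forcers(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {count} login POSTs within 10 minutes, candidate for a firewall block")
```

On a real host the same logic would be fed from the live access log (or replaced by fail2ban with an equivalent filter) and its output turned into temporary firewall rules; WordPress answers a failed login with status 200 and a successful one with a 302 redirect, so the status field can be used to count only failures.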

UPDATE MAY 25 2013: We removed the human check.