Large distributed brute force attack underway
looks to be massive.
If you don't have Wordfence (a product I do recommend) then use this in your .htaccess of apache|http conf file to keep knuckleheads out.
Code:
<Files wp-login.php>
order deny,allow
deny from all
allow from xx.yy.zz.aa # Comment0
Allow from aaa.bbb.ccc.ddd # Comment1
</Files>
multiple allow stanzas are ok.
If you use that in your apache|http conf file, be certain to restart your web-server software.
You'll see entries like these in your server logs:
Code:
[Mon Feb 10 07:30:21 2014] [error] [client 146.0.74.202] client denied by server configuration: /var/www/cirrhus9/wp-login.php
[Mon Feb 10 08:04:08 2014] [error] [client 146.0.78.9] client denied by server configuration: /var/www/cirrhus9/wp-login.php
after you implement this.