I have been using a free WordPress plugin to track unauthorized attempts to log in to my WordPress instance. It is called “Limit Login Attempts” and can be found here: http://devel.kostdoktorn.se/limit-login-attempts. It comes configured to allow 4 bad logins before blocking an IP address for 24 hours. I set mine up this way and watched over the next few days as the same IP tried every day and got blocked every day. At least this user is persistent; not smart, but persistent, and noisy. Anyway, I have now moved the lockout time to 9999 hours (the max the box would allow) just so I get fewer emails about this attacker.
Once you configure the “Limit Login Attempts” plugin it will send you a nice email reminder when it blocks someone; it looks like the one below:
Each time I see this email it just warms my heart, maybe I’m a little bit broken…
I could also edit my .htaccess file to block him/her, or the entire country the IP is originating from. However, that would cut into my fun of watching what is going on. That is what this is about anyway: my entertainment. There is a great site to help you write and edit .htaccess files here: http://incredibill.me/htaccess-block-country-ips, and some more specific .htaccess tuning resources here: http://www.netmagazine.com/tutorials/protect-your-wordpress-site-htaccess
Another option is to limit your logins based on the originating IP address (this is a smart idea). If you are on the go as I often am, connecting from your phone, home, and/or work, this is not your best option, as the rules will get long and messy. It would also be “recommended” to disable or hobble your admin account. I set my admin account to a basic read-only account and used a complex password generator, so if you can get into that account, it’s yours: read all you want, but no posting.
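For anyone who does want to go the .htaccess route described above, here is an added example (my own illustration, not taken from the plugin or from either linked site) of restricting wp-login.php by originating IP. It assumes Apache 2.4 syntax and that the server's AllowOverride lets your .htaccess set access rules; the addresses are placeholders from the documentation ranges, not real ones.

```apache
# Added example: only allow the WordPress login page from known addresses.
# 203.0.113.10 and 198.51.100.0/24 are placeholder documentation addresses;
# replace them with the addresses you actually connect from. Anything else
# gets a 403 before WordPress (or a brute-force tool) ever sees the request.
<Files "wp-login.php">
    <RequireAny>
        Require ip 203.0.113.10
        Require ip 198.51.100.0/24
    </RequireAny>
</Files>

# Caveat from the post itself: if you log in from your phone, home and work,
# this list grows and a changed address locks *you* out too. The opposite
# shape keeps the login page open but drops one persistent source instead.
# (203.0.113.77 is again a placeholder, not the address from my emails.)
#
# <Files "wp-login.php">
#     <RequireAll>
#         Require all granted
#         Require not ip 203.0.113.77
#     </RequireAll>
# </Files>
```

Either block goes in the .htaccess at the WordPress root, next to the rules WordPress already writes there; test from a second connection before you log out, so a typo does not leave you locked out of your own site.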
Screenshot of the plugin and its logs; click on the images for a larger view.