This article follows a comment from a reader asking whether an IP address that had requested wp-login.php (the login page of the WordPress administration area) on her blog almost 600 times was indeed a hacking attempt.
It was a brute-force attack: an attempt to find a password by trying all possible combinations. When the password is relatively complex, there is virtually no chance of it being guessed, whereas if it consists of only a few letters, the risk increases dramatically.
Here are two very simple but formidable methods that will protect your blog from an attack of this type without any trouble.
Ban the IP. If you can identify the IP address that is attacking you, you can ban it and block its access to your blog by adding this code to the .htaccess file at the root of your server:
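# Allow rules are evaluated first, then deny rules; a matching deny wins.
order allow,deny
# One line per banned address.
deny from 180.0.0.1
deny from 180.0.0.2
deny from 180.0.0.3
# Everyone else keeps access.
allow from all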
Here 180.0.0.1, 180.0.0.2 and 180.0.0.3 are the IP addresses to be banned. This solution is very effective in the moment but remains temporary, since hackers often have several different IP addresses.
Use the WordPress plugin Limit Login Attempts, which blocks for X minutes anyone who enters the wrong password X times when trying to access the blog administration. After X lockouts, that person is blocked again, this time for X hours. The administrator can also be notified by email of the hacking attempt.
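To find the addresses to ban with the first method, the following added example (not part of the original article) counts POST requests to wp-login.php per IP in an Apache access log and renders the matching .htaccess lines. The log lines are constructed sample data, and the function names and the threshold of 20 are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Apache common/combined log prefix: client, ident, user, [time], "METHOD path ..."
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)')

def sample_line(ip, method, path):
    """Build one constructed log line (sample data, not real traffic)."""
    return (f'{ip} - - [10/Mar/2014:10:00:00 +0000] '
            f'"{method} {path} HTTP/1.1" 200 512 "-" "-"')

# Constructed sample: one IP with 600 login POSTs, like the reader's report.
SAMPLE_LOG = "\n".join(
    [sample_line("180.0.0.1", "POST", "/wp-login.php")] * 600
    + [sample_line("180.0.0.2", "POST", "/wp-login.php?action=login")] * 25
    + [sample_line("192.0.2.10", "GET", "/wp-login.php")]
    + [sample_line("192.0.2.10", "POST", "/wp-login.php")] * 2
    + [sample_line("192.0.2.11", "GET", "/index.php")] * 50
    + ["truncated or malformed line"]
)

def login_attempts(log_text):
    """Count POST requests to wp-login.php per client IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        ip, method, path = m.groups()
        if method == "POST" and path.split("?", 1)[0].endswith("/wp-login.php"):
            counts[ip] += 1
    return counts

def suspects(counts, threshold=20):
    """IPs at or above the (assumed) threshold, busiest first."""
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]

def htaccess_rules(ips):
    """Render deny lines in the article's .htaccess form, skipping non-IPs."""
    rules = ["order allow,deny"]
    for ip in ips:
        try:
            rules.append(f"deny from {ipaddress.ip_address(ip)}")
        except ValueError:
            continue  # never write an unvalidated log field into .htaccess
    return "\n".join(rules + ["allow from all"])

if __name__ == "__main__":
    flagged = suspects(login_attempts(SAMPLE_LOG))
    print(htaccess_rules(ip for ip, _ in flagged))
```

To use it on a real blog, pass the text of the server's access log to login_attempts; the location of that log depends on the host.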






