Oh for crying out loud, obviously it isn't a requirement to be registered to be hacking, but if you think they're not trying that *as well* you're miles off course.
I also love that you said "Very few wordpress exploits require you to be registered member" That's a gem. So we should just ignore those few and tell everyone that its "just spam?"
It's happened historically, and it'll probably happen again. The fact that there isn't a current exploit based on subscriber-level access doesn't mean they won't find one.
And just because you threw the term 'bullshit' at me, I'm going to have a quiet giggle about your 20 websites being any kind of representation of the internet, that is, assuming you could even identify an attempt at privilege execution from a registered user via your extensive logs from websites you haven't controlled until after the mess occurs.
Whoo, you were wrong... occasionally defending your wrongness until your ears bleed isn't the best course of action.
All I said was that you shouldnt speak in absolutes, because its misleading.
As for your request for proof, you could have included that instead of crying 'bullshit' earlier. Now I'm not really inclined to do your googling for you, especially since you KNOW there have been exploits in the past relating to registered users.
And even if there NEVER WAS an exploit relating to registered users, you can bet you ass it's being tested every day, which makes your "its just spam..." comment that much worse.
It's never *just* anything.