• Resolved PamPro

    (@pampro)


    I’m noticing a high volume of IP lockouts over the last 3 days. Attempted login as webmaster, site name, and various other usernames that aren’t right. Is there something I need to do beyond blocking that IP for a time?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Really, no. Nothing that will work long-term at least.

    All you can do is lock out those IP addresses, but they change all the time depending on whose computers/sites have been hacked to send those attempts in the first place. As long as you’ve got the blocks in place like that, you’ll be fine.

    As a bit of background, I was trying to do the same thing for ages. I permanently blocked all IPs that tried invalid logins. What I found was that for well over 99% of those IP addresses, they gave up after the initial lock and I never saw them again. Of course there’s always the couple that don’t, but those just stay blocked after attempting to log in when they are blocked.

    Thread Starter PamPro

    (@pampro)

    Thanks for the insight.
    It was rather odd to me. No issues for ages, then in 3 days a high number of lockouts (4 on Wed; 0 on Thur; 9 on Fri; 29 on Sat and so far 68 on Sun).
    The part that upset me most was when I noticed one of those failed attempts used an existing username (which I addressed, of course).
    Within 60 seconds of that change, a very specific no-longer-active username was attempted from 3 different IP addys in China.

    From what I’ve seen, that’s not many attempts at all. I’ve had one site that’s had over 100,000 attempts for an invalid username in around 24 hours. If that’s all that you’re getting, be happy as it’s really not much overall.

    As for new ones starting like that, when sites are found to be running WordPress the URLs are “swapped” between various hacking groups and software, so when your site is found it will be passed around and it will start getting more hits as hackers try the new URLs. It’s all very normal and (unfortunately) to be expected.
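
One way to check the patterns discussed in this thread against your own lockout records, as an added example that is not part of the original posts: it counts lockouts per day, lists IPs that came back after a lockout, flags attempts against real usernames, and finds usernames tried from several IPs within a short window. The record layout (timestamp, IP, attempted username), the function name and all sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample lockout records: (ISO timestamp, source IP, attempted username).
# IPs come from documentation ranges; usernames are made up.
SAMPLE_LOCKOUTS = [
    ("2024-01-03T10:00:00", "192.0.2.10", "webmaster"),
    ("2024-01-03T10:05:00", "192.0.2.11", "admin"),
    ("2024-01-05T08:00:00", "198.51.100.7", "examplesite"),
    ("2024-01-05T08:00:20", "198.51.100.8", "olduser"),
    ("2024-01-05T08:00:40", "203.0.113.5", "olduser"),
    ("2024-01-05T08:00:55", "203.0.113.6", "olduser"),
    ("2024-01-06T09:00:00", "192.0.2.10", "editor_jane"),
]
VALID_USERNAMES = {"editor_jane"}  # hypothetical: accounts that really exist on the site


def summarize_lockouts(lockouts, valid_usernames, window_seconds=60, min_ips=3):
    """Summarize lockout records for triage (hypothetical helper)."""
    per_day = Counter()
    per_ip = Counter()
    valid_hits = []
    by_user = defaultdict(list)
    for ts, ip, user in lockouts:
        when = datetime.fromisoformat(ts)
        per_day[when.date().isoformat()] += 1
        per_ip[ip] += 1
        if user in valid_usernames:
            # A real account name was guessed: worth renaming or hardening it.
            valid_hits.append((ts, ip, user))
        by_user[user].append((when, ip))

    # Usernames tried from min_ips or more distinct IPs inside one time window.
    distributed = set()
    for user, events in by_user.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            ips = {ip for when, ip in events[i:]
                   if (when - start).total_seconds() <= window_seconds}
            if len(ips) >= min_ips:
                distributed.add(user)
                break

    returning = sorted(ip for ip, n in per_ip.items() if n > 1)
    return {
        "per_day": dict(per_day),
        "returning_ips": returning,  # locked out more than once
        "returning_share": len(returning) / len(per_ip) if per_ip else 0.0,
        "valid_username_hits": valid_hits,
        "distributed_usernames": distributed,
    }
```
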


The topic ‘Lockout overload’ is closed to new replies.